Hi. This is Susan Bradley for CSO Online. Today I'm going to talk about virtual private networks, or VPN software specifically. This all started when the IRS, the US tax enforcement agency, released Publication 4557, which talks about the steps that tax-preparation businesses need to take to keep taxpayer information and data secure. And one of the guidance items they gave struck me as a little odd. It has to do with the discussion of how to handle public Wi-Fi. They suggest that you only access sensitive business-type files if you are using a VPN. It says a VPN provides a secure encrypted tunnel over the internet between remote users and the company network to send data. Then they say, to find the best VPN, find a legitimate vendor. Major technology sites often provide lists of top services. And I saw that and went, wow, you know, the number of times that I've googled "best VPN software" and hit malicious websites is not funny.

So, is VPN more secure? Let's think about that. First off, when you go looking around for VPN software, VPN phone applications in particular aren't so secure. In fact, a Wired article at least two years ago found that 283 mobile VPN applications on the Google Play store were malicious or had significant privacy and security limitations. So don't get pulled in by the lure of free software either. As research has shown, when you don't pay for something, you're often the product. Once again, various Android VPN permission-based apps were reviewed, and many of them had issues with privacy and security. Two years later, now we see research that 90 percent of popular free VPN apps on the Apple and Google Play stores have serious user privacy flaws. Things are not better.

But what about applications in corporate VPN software? Recently attackers have been targeting VPN platforms, and they are being used in active attacks; specific attackers are targeting the telecommunications, software and defense industries. VPN software is their new target. Once they steal the passwords into the VPN software, they then use more typical attack tools to get inside the network and do lateral movement; for example, they use Mimikatz, PWDump and WDigest credential harvesting to gain more access into the network. Attackers are also going after Office 365 mailboxes by using tools such as the Ruler penetration testing tool and abusing the Exchange Web Services API.
Back in July, a presentation was done at Black Hat talking about ways to get into networks using VPN vulnerabilities, in particular using a pre-auth remote code execution exploit on the leading SSL VPNs. Specifically, if you're using Pulse Connect Secure, look for CVE-2019-11510, and also Pulse Connect Secure CVE-2019-11539. If you're using Fortinet, you need to make sure you've patched for CVE-2018-13379, CVE-2018-13382 and then also CVE-2018-13383. Most of these are post-authorization heap overflows. It allows an attacker to gain a shell running on the router itself. Last but not least, you want to make sure you patch for CVE-2019-1579 if you're running Palo Alto VPNs.

If you've been attacked, you want to make sure you look at the log files on the virtual private network device and also look for evidence of compromised accounts and active use. Look for connections that don't make sense, that are done during odd times, and other unusual events in your log files. When choosing these solutions, make sure you understand and give yourself ways that you can patch and maintain the remote access. You can also consider adding multi-factor authentication when using VPN solutions. For example, Duo is one vendor that allows VPNs to have two-factor authentication. You want to make sure that you provide guidance and education to users on how to use the two-factor authentication process.

Bottom line, don't just automatically assume that VPN applications make you more secure. They can introduce more risk, not less. So think about that. VPN isn't inherently secure; treat it accordingly. Make sure you can update it, make sure you can patch it, and look for its ability to add two-factor to it. Until next time, this is Susan Bradley. Don't forget to sign up for TECHtalk from IDG and look for us on the YouTube channel. Until next time. This is Susan Bradley. Thank you again. Bye bye.
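The log review the talk recommends (looking at the VPN device's logs for compromised accounts, connections at odd times and other events that don't make sense) can be turned into a small script. The following is an added example, not code from the video or from any VPN vendor: it parses a constructed, hypothetical authentication-log format (`timestamp user= src= result=`; real appliances use their own formats) and flags three patterns: successful logins outside assumed business hours, an account succeeding from a source IP it has never used before, and a run of failures followed by a success from the same address. The business-hours window and the threshold of three failures are assumptions to tune per environment.

```python
"""Added example: review VPN authentication logs for suspicious sign-ins.

Log format, sample data, business-hours window and thresholds are all
constructed for this example; adapt the regular expression to the real
appliance's log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log (not real data). The 2019-10-13 line is the
# user's normal daytime baseline; the 2019-10-14 lines hold the anomalies.
SAMPLE_LOG = """\
2019-10-13T08:02:11Z user=jsmith src=198.51.100.20 result=success
2019-10-14T02:13:45Z user=jsmith src=203.0.113.7 result=success
2019-10-14T02:14:02Z user=jsmith src=203.0.113.7 result=success
2019-10-14T03:40:00Z user=admin src=203.0.113.9 result=failure
2019-10-14T03:40:05Z user=admin src=203.0.113.9 result=failure
2019-10-14T03:40:10Z user=admin src=203.0.113.9 result=failure
2019-10-14T03:40:15Z user=admin src=203.0.113.9 result=failure
2019-10-14T03:40:20Z user=admin src=203.0.113.9 result=failure
2019-10-14T03:40:25Z user=admin src=203.0.113.9 result=success
2019-10-14T08:05:40Z user=akim src=198.51.100.21 result=success
2019-10-14T09:30:00Z user=akim src=198.51.100.21 result=success
"""

# Hypothetical line layout: ISO-8601 UTC timestamp followed by key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)
BUSINESS_HOURS = range(7, 19)  # assumed: 07:00-18:59 UTC counts as normal


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "src": m["src"], "result": m["result"]}


def parse_log(text):
    """Parse all lines, silently skipping any that do not match the format."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def find_off_hours_logins(events):
    """Successful sign-ins whose hour falls outside BUSINESS_HOURS."""
    return [e for e in events
            if e["result"] == "success" and e["ts"].hour not in BUSINESS_HOURS]


def find_new_source_ips(events):
    """(user, src) pairs where a user succeeds from an IP not seen in any
    earlier success; the first success for a user only sets the baseline."""
    seen = defaultdict(set)
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["result"] != "success":
            continue
        if seen[e["user"]] and e["src"] not in seen[e["user"]]:
            findings.append((e["user"], e["src"]))
        seen[e["user"]].add(e["src"])
    return findings


def find_failure_then_success(events, threshold=3):
    """(user, src) pairs with at least `threshold` consecutive failures
    immediately followed by a success from the same source address."""
    streak = defaultdict(int)
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["user"], e["src"])
        if e["result"] == "failure":
            streak[key] += 1
            continue
        if streak[key] >= threshold:
            findings.append(key)
        streak[key] = 0
    return findings


def review(text):
    """Run all three checks and return the findings keyed by check name."""
    events = parse_log(text)
    return {
        "off_hours": [(e["user"], e["src"], e["ts"].isoformat()) for e in find_off_hours_logins(events)],
        "new_source_ip": find_new_source_ips(events),
        "failures_then_success": find_failure_then_success(events),
    }


if __name__ == "__main__":
    for check, hits in review(SAMPLE_LOG).items():
        print(check, hits)
```

Each check is deliberately simple and stateless across runs; in practice the "new source IP" baseline would be built from weeks of history rather than the same file being reviewed, and the findings would be correlated with the account lockout and password-change records mentioned in the talk before concluding an account is compromised.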