Hello. I'm Susan Bradley for CSO Online. Today I'm going to talk about virtual private networks, or VPN software. This all started the other day when the IRS, the U.S. tax enforcement organization, released Publication 4557, which talks about the steps tax preparation firms need to take to maintain the data security of taxpayer information. One item in their guidance struck me as a little odd. It has to do with the discussion of how to handle public Wi-Fi. They recommend that you only access such sensitive files if you are using a VPN. They say a VPN provides a secure, encrypted tunnel to transmit data between the remote user and the company network over the internet. Then they say to search for "best VPNs" to find a legitimate vendor. Major technology sites often provide lists of top services.

And I saw that and went, wow, you know, the number of times that I've googled "best VPN software" and hit so many malicious websites, it's not funny. So, is VPN more secure? Let's think about that.

First off, when you go looking around for VPN software, VPN phone applications in particular aren't so secure. In fact, a Wired article at least two years ago found that 283 mobile VPN applications on the Google Play store were malicious or had significant privacy and security limitations. So don't get pulled in by the lure of free software either. As research has shown, when you don't pay for something, you're often the product. Once again, various Android VPN permission-based apps were reviewed and many of them had issues with privacy and security. Two years later, and now we see research that 90 percent of popular free VPN apps on the Apple and Google Play stores have serious user privacy flaws. Things are not better.

But what about applications in corporate VPN software? Recently attackers have been targeting VPN platforms, and they are being used in active attacks; specific attackers are targeting telecommunications software in defense industries. VPN software is their new target. Once they steal the passwords into VPN software, they then use more typical attack tools to get inside the network and do lateral movement; for example, they use Mimikatz, PwDump and WDigest credential harvesting to gain more access into the network. Attackers are also going after Office 365 mailboxes by using tools such as the Ruler penetration testing tool and abusing the Exchange Web Services API.
Back in July, a presentation was done at Black Hat talking about ways to get into networks using VPN vulnerabilities, in particular using a pre-auth remote control exploit on the leading SSL VPNs. Specifically, if you're using Pulse Connect Secure, look for CVE-2019-11510, and also Pulse Connect Secure CVE-2019-11539. If you're using Fortinet, you need to make sure you're patched for CVE-2018-13379, CVE-2018-13382 and also CVE-2018-13383. Most of these are post-authorization heap overflows. It allows an attacker to gain a shell running on the router itself. Last but not least, you want to make sure you patch for CVE-2019-1579 if you're running Palo Alto VPNs.

If you've been attacked, you want to make sure you look at the log files on the virtual private network device and also look for evidence of compromised accounts and active use. Look for connections that don't make sense, that are done during odd times, and other unusual events in your log files.

When choosing these solutions, make sure you understand them and give yourself ways that you can patch and maintain the remote access. You can also consider adding multi-factor authentication when using VPN solutions. For example, Duo is one vendor that lets VPNs have two-factor authentication. You want to make sure that you provide guidance and education to users on how to use the two-factor authentication process.

Bottom line, don't just automatically assume that VPN applications make you more secure. They can introduce more risk, not less. So think about that. VPN isn't inherently secure, and treat it accordingly. Make sure you can update it, make sure you can patch it, look for its ability to add two-factor to it. Until next time, this is Susan Bradley. Don't forget to sign up for TechTalk from IDG and look for us on the YouTube channel. Until next time. This is Susan Bradley. Thank you again. Bye bye.
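The log review Susan describes (connections at odd times, signs of compromised accounts) can be scripted. Below is an added example, not part of the original video, that runs three simple checks over constructed VPN authentication log lines in an assumed `timestamp user source_ip result` format: successful logins outside an assumed business-hours window, a success immediately following a run of failures, and one account arriving from several source addresses.

```python
"""Flag suspicious VPN logins in constructed sample log lines (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log; the line format is an assumption, not any vendor's real one.
SAMPLE_LOG = """\
2019-10-01T09:12:03 alice 203.0.113.10 success
2019-10-01T10:05:44 bob 198.51.100.7 success
2019-10-02T02:47:19 alice 192.0.2.55 success
2019-10-02T02:49:02 alice 192.0.2.55 success
2019-10-02T11:30:00 carol 203.0.113.10 failure
2019-10-02T11:30:05 carol 203.0.113.10 failure
2019-10-02T11:30:09 carol 203.0.113.10 failure
2019-10-02T11:30:15 carol 203.0.113.10 success
"""

BUSINESS_HOURS = range(7, 20)  # assumption: 07:00-19:59 local time is "normal"


def parse(log_text):
    """Turn each line into (datetime, user, source_ip, result)."""
    events = []
    for line in log_text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events


def find_suspicious(log_text, max_failures=3):
    """Return (kind, user, ip, timestamp) findings; timestamp is '' for per-user findings."""
    findings = []
    ips_per_user = defaultdict(set)   # every source address each account logged in from
    fails = defaultdict(int)          # consecutive failures per account
    for ts, user, ip, result in parse(log_text):
        if result == "success":
            if ts.hour not in BUSINESS_HOURS:
                findings.append(("off_hours", user, ip, ts.isoformat()))
            if fails[user] >= max_failures:   # guessing/spraying followed by success
                findings.append(("success_after_failures", user, ip, ts.isoformat()))
            fails[user] = 0
            ips_per_user[user].add(ip)
        else:
            fails[user] += 1
    for user, ips in ips_per_user.items():
        if len(ips) > 1:   # same account from several addresses: review, may be legitimate
            findings.append(("multiple_source_ips", user, ",".join(sorted(ips)), ""))
    return findings
```

Every finding is a lead to review against the user's expected behaviour, not proof of compromise on its own.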