VPNs (Virtual Private Nightmares)
by Steven Drew - Monday, 02 July 2004.
Here's a question: What's the number 1 vector for security outbreaks today? Given the title of the article, we hope you answered Virtual Private Networks (VPNs). Today's convenient world of mobile access to critical applications and information has come with a hefty burden for the world's already overburdened security teams. Our Secure Operations Centers witness the same trend each time a new outbreak, such as Sasser, occurs. The first day, usually during a weekend, is eerily quiet given the large amount of outbreak activity we see outside of our clients' networks. But then Monday rolls around, and our analysts are rapidly working to prevent damage from internal outbreaks for the next couple of days. Almost every single one of these internal outbreaks can be traced back to an infected mobile user or external partner entering the corporate network through the VPN.

There are a variety of ways security teams can address this problem. However, the right solution must be unobtrusive to the external party and err on the side of availability, since most external users are sales personnel, executives or business partners who cannot be denied access.

Network Segmentation

Network segmentation is the first basic step in addressing the VPN issue. Properly segmenting your VPN network and the networks most typically accessed by its users gives you the ability to contain outbreaks when they occur. Segmentation can be performed at the network, sub-network and host level. At the network level, teams can use their firewalls and IPS devices to segment major portions of the network. Perhaps more importantly, however, security teams need to properly segment individual subnets and limit who can access these networks and hosts. This can be done easily using Virtual LANs (VLANs) and Access Control Lists (ACLs). Performing proper segmentation across all three levels enables security teams to contain outbreaks, control which users can access critical hosts and provide the fundamental level of security around their VPN segments.
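The containment effect of an ACL on the VPN segment can be checked before deployment. The following is an added example, not part of the original article: a first-match ACL evaluator in Python, where the VPN pool, server addresses, ports and rules are all constructed assumptions.

```python
# Added example: first-match ACL evaluation for a VPN segment.
# All addresses, ports and rules below are constructed for illustration.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str             # "permit" or "deny"
    src: str                # source network (CIDR)
    dst: str                # destination network (CIDR)
    proto: str              # "tcp", "udp" or "any"
    port: Optional[int]     # destination port, None = any port

# Hypothetical policy applied on the interface behind the VPN device.
VPN_ACL = [
    Rule("permit", "10.99.0.0/24", "10.10.5.20/32", "tcp", 443),  # intranet portal
    Rule("permit", "10.99.0.0/24", "10.10.5.25/32", "tcp", 993),  # mail (IMAPS)
    Rule("permit", "10.99.0.0/24", "10.10.5.53/32", "udp", 53),   # DNS resolver
    Rule("deny",   "10.99.0.0/24", "10.0.0.0/8",    "any", None), # rest of internal net
]

def matches(rule, src, dst, proto, port):
    """True when the flow falls inside every field of the rule."""
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.port in (None, port))

def evaluate(acl, src, dst, proto, port):
    """Return the action of the first matching rule; implicit deny otherwise."""
    for rule in acl:
        if matches(rule, src, dst, proto, port):
            return rule.action
    return "deny"

def reachable(acl, src, targets):
    """List the (dst, proto, port) targets a VPN client can actually reach."""
    return [t for t in targets if evaluate(acl, src, *t) == "permit"]

if __name__ == "__main__":
    client = "10.99.0.37"             # constructed VPN pool address
    flows = [
        ("10.10.5.20", "tcp", 443),   # portal over HTTPS
        ("10.10.5.25", "tcp", 993),   # mail over IMAPS
        ("10.10.8.14", "tcp", 445),   # SMB on a workstation subnet
        ("10.10.5.20", "tcp", 445),   # SMB on the portal host
    ]
    for dst, proto, port in flows:
        print(f"{client} -> {dst} {proto}/{port}: "
              f"{evaluate(VPN_ACL, client, dst, proto, port)}")
```

With this policy, an infected VPN client can still reach the three published services, but traffic to any other internal host or port is dropped at the segment boundary.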

Intrusion Prevention

Intrusion Prevention Systems (IPS) are an extremely useful solution to the VPN outbreak problem. Since an IPS is an inline device with automated blocking functionality, there is always a risk of falsely denying access. However, a properly tuned IPS looking for a discrete set of known malware can be highly effective in preventing outbreaks behind the VPN. Security teams should deploy an IPS device behind any and all VPN devices. Once an outbreak occurs, these teams should move quickly to update their IPSs with the new attack signature and turn on blocking mode so that the device blocks this new threat when it encounters it. Security teams should then monitor the activity on this device to ensure that all malicious traffic is blocked while legitimate traffic is not denied. Managing this IPS process effectively will result in far fewer internal outbreaks and, consequently, fewer security team headaches.

Emerging Solutions

New initiatives from leading network and security vendors hold the promise of easing the VPN outbreak burden in the future. Cisco's Network Access Control (NAC) is one such initiative. Essentially, NAC will inform a Cisco router or VPN device about the current state of the mobile user's security. Information such as patch levels and anti-virus signature updates is then used by the VPN device to determine whether or not this user is safe to enter your network. If they are not safe, the device directs the user to an internal web page where they can download the latest patches or virus signatures. Other vendors are promising to deliver a similar set of functionality. These solutions should greatly help security teams control the number of outbreaks occurring through the VPN.

Summary

Copyright 1998-2014 by Help Net Security.