The UK's National Infrastructure Security Coordination Center (NISCC) has warned of potential attacks on the IPSec protocol used in browser-based virtual private networks, which could render encrypted messages as plain text with only "moderate effort". This would affect many remote communications to enterprise networks via Wi-Fi and other networks, with IPSec becoming increasingly popular among mobile workers.
The NISCC describes the weakness as "severe" and says it applies to IPSec configurations that rely on Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection offered by a higher layer protocol.
The attacks need to be carried out many times before they are successful, but once this phase is reached, "the results can be reused to efficiently recover the contents of further inner packets". The attacks are fully automatable.
The main safeguards that companies should take are to configure ESP to use both confidentiality and integrity protection; use the AH protocol alongside ESP to provide integrity protection; and filter ICMP messages at a firewall or security gateway.
skip to main |
skip to sidebar
Welcome to the Network Security Library.Review of the top 100 network security tools and Discuss your security issues with thousands of other network security experts.
Blog Archive
-
▼
2006
(96)
-
▼
November
(7)
- GFI LANguard Network Security Scanner 3.3
- Web Security Software protects mobile users outsid...
- Performance Analysis: Network Security Scanners
- Hitachi Software and KDDI Network & Solutions to M...
- Security group warns of VPN vulnerabilities
- Network Security: Know Your Weaknesses
- Retina Network Security Scanner
-
▼
November
(7)
Categories
- 4 Easy Ways to Build an Effective Network (1)
- A Review of the Share the Wealth Income Opportunity (1)
- Anonymous Proxy Lists - A Warning (1)
- Attention Network Marketers (1)
- Basic Wireless Network in Your Home (1)
- Business Networking Attitude (1)
- Business Opportunity Leads - Let Them Feel You Are Offering Them a Legitimate Opportunity (1)
- Computer Discount Sales (1)
- Current Internet Network Security (1)
- Cyber Crimes - The Call For Fast Lucre (1)
- Cyber War and SEO Defense (1)
- Developing Self-Direction (1)
- effective network (1)
- Elements of Some 419 Scams (1)
- Email Spam Scams and Variations of 419 Scams (1)
- George W.Bush (1)
- Get the Right Business Networking Attitude (1)
- goals of the networker (1)
- Here's How to Explode Your Network Marketing Income (1)
- Homeland Security (1)
- How to Erase Your Search History Completely (1)
- How to Succeed in Network Marketing With the Internet (1)
- How to Use the Power of 5 in Network Marketing (1)
- Hu Jintao (1)
- Internet Marketing Vs Yellow Pages (1)
- internet security (1)
- Learn How to Sell Network Marketing Without Fear Now (1)
- levels of networking (1)
- Major League Networking (1)
- Making Money With an Opt-In Box (1)
- network . (1)
- Network Marketing Phone Sponsoring Secrets For Ultimate Success (1)
- Network Security Policies (1)
- Networking Tips (1)
- Phishermen Use IRS As Bait to Catch Victims (1)
- Platform Will Reflect Shifts (1)
- Protect Your Identity (1)
- Scientists want top security for GM crop tests (1)
- SMBs in India to Spend US$289M on Data Security This Year (1)
- Social Security (1)
- Syncing Military Network Ops (1)
- What to Do About Harassing Emails (1)
- Winning Tactics For Home Based Network Marketing Business (1)
- wireless network (1)
- Word of Mouth Advertising (1)
- Working Proxies and Why Free Proxies Break (1)
- Your Only Way to Achieving Outrageous Network Marketing Money and Freedom (1)
Posts
