VPNs still show basic flaws, says study

Simple problems ruining good security

A penetration test of U.K. corporate VPNs has offered decidedly mixed news on security.

The bad news is that all companies looked at showed multiple vulnerabilities on their IPsec VPNs, a situation that has actually deteriorated slightly from the same tests conducted a year ago. More positively, none of these ranked higher than 'medium' in severity.

The tests were carried out by security testing firm NTA Monitor, finding that the average number of vulnerabilities across a range of sectors had risen from nine to 11 in a year. Overall, 73 percent of organizations showed one or more medium-level flaw, defined as those issues likely to "allow external users to disrupt services, permitting users to obtain unauthorized access or provide access to unauthorized external users if incorrectly configured."

That said, the ten commonest flaws were all described as 'low' risk or 'informational', meaning they would not allow a hacker the ability to directly disrupt a VPN. Companies were still being tripped up by basic problems, the report said, but these would be easy to fix with better housekeeping.

Taking the results by sector, the finance sector turned in a good performance, with only one medium-risk vulnerability found on average. By contrast, the least secure sectors were pharmaceuticals, leisure and government, which had between two and three medium-level risks, as well as a markedly greater number of low-risk issues.

The top two vulnerabilities across all companies were that the VPN server was responding to any source IP address, and the server could be 'fingerprinted,' that is the fact that the VPN server was residing on a firewall risked making the latter's existence easier to detect for attackers.

NTA Monitor offers an important caveat to the results. Because the companies tested were all customers of company, it could be argued that they represented the conscientious end of the business world. Any company paying to test its VPN security is accepting the idea that security is an issue, something that might not hold true for companies generally. VPNs in the wider world might show more serious problems.

The full report, and its recommendations, is due to be made available on NTA's website in the coming days.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E. Dunn

Techworld.com
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?