Beware of VPN Security Flaws with Zero-Day Vulnerabilities
While VPNs have been widely deployed to give employees secure remote access over the Internet, their weakness is that they expose internal resources to bad actors and insiders with malicious intent.
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. The recent zero-day CVE-2021-3064, with a CVSS score of 9.9 out of 10, is just one indicator of the firewall and VPN vulnerabilities that put organizations at great risk.
The CVE-2021-3064 vulnerability, found in Palo Alto Networks’ (PAN) GlobalProtect VPN/firewall, has the potential to breach thousands of organizations. If bad actors successfully exploit this weakness, they can gain a shell on targeted systems, access sensitive configuration data, extract credentials and move laterally across the organization’s internal network.
While PAN released a patch, not everyone will receive the update and install it the same day, or at all. The vulnerability is a flaw in the VPN server, which is an embedded system that runs its own operating system. The update is not a simple or smooth process to install. It’s a manual process that takes time to complete, and the system needs to be rebooted.
Don’t send an all-clear signal just because there’s an update
Don’t be surprised to see more news about subsequent attacks using this vulnerability to hack into other organizations. The exploit code will be made public soon, enabling attackers to potentially break into other networks because of this server security vulnerability. We’ve seen this play out before, with SonicWall’s VPN server. Before that, it was Fortinet, and the list will continue to grow.
The Colonial Pipeline ransomware breach came through one of the company’s VPN accounts. These continuing vulnerabilities highlight the security risks with VPNs, and the need for zero trust network access, or ZTNA.
Eliminating the risk caused by VPN vulnerabilities
The problem with VPNs is their uncontrolled exposure, which gives users free access to corporate applications and other IT resources. The answer to this security problem is ZTNA, with granular access control policies to provide secure remote access to an organization's applications, services, servers, databases and data. The most common use case for ZTNA is a partial or complete replacement of VPNs.
RevBits ZTN protects internal resources by confining access to one resource at a time (e.g., server, application, database, etc.). Complete and granular access control is enabled, without exposing the resource’s IP addresses. All resources within the organization that are implemented within RevBits ZTN are protected from direct Internet access. Access is only granted to authenticated users, reducing network risks and eliminating lateral movement to devices that may have been infected by viruses.
RevBits ZTN’s user-to-resource access approach is a completely different model than a network-centric VPN methodology. RevBits encrypts, authenticates, and securely connects remote employees and third parties over SSL/TLS to the internal resources and applications to which they have specific access, without access to other resources.
To enable an explicit and risk-appropriate zero trust security posture, users are granted access based upon their identity and device. This includes attributes and context, like roles and responsibilities, time and date, location and more. Identity-related device data includes operating systems, browser versions, disk encryption and security software update status. RevBits combines policies for applications, users, devices, IP addresses, locations, workloads and risk, and utilizes identity data to define and enforce access control policies, allowing the appropriate level of access and trust.
RevBits ZTN includes integrated privileged access management (PAM), with native identity-based authentication, multi-factor authentication (MFA), single sign-on (SSO), end-to-end encryption, session recording and more. Remote access authentication and authorization protect resources inside the network, and encrypted tunnels secure connections for outside network traffic. Companies that already have another vendor’s PAM solution benefit from RevBits ZTN granular access protection for remote employees and third parties with capabilities far