Cybersecurity

5968 readers

222 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

Norway recommends replacing SSL VPN to prevent breaches (www.bleepingcomputer.com)

submitted 8 months ago by [email protected] to c/cybersecurity

4 comments fedilink hide all child comments

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 10 points 8 months ago (1 children)

From the article:

While the cybersecurity organization admits IPsec with IKEv2 isn't free of flaws, it believes switching to it would significantly reduce the attack surface for secure remote access incidents due to having reduced tolerance for configuration errors compared to SSLVPN.

Basically, every vendor has their own implementation of SSL VPN as there is no real standard, whereas IPsec is mostly vendor-agnostic. And you effectively need to keep an open web server to receive the client connections, making exploitable misconfigurations or vulnerabilities much more likely.

[–] taladar 1 points 8 months ago* (last edited 8 months ago)

On the other hand IPsec has no real way to negotiate crypto parameters so those stay whatever you initially set up forever, even if those algorithms have known exploits or become insecure in other ways. Also, there are incompatible vendor versions of IPsec too.