Thursday, October 10, 2024
HomeCyber AttackNorway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

Published on

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS) based VPN solutions, like SSLVPN and WebVPN, should be replaced with safer options.

Bad people are still taking advantage of flaws in these VPN services, which is why this suggestion was made.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

- Advertisement - EHA

Critical Vulnerabilities in SSLVPN

The NCSC has long known that SSLVPN systems have major security holes and has been reporting them.

People have used these flaws many times, which is why the NCSC is pushing for a switch to safer remote access technologies, as per reports by NSM.

Internet Protocol Security (IPsec) with Internet Key Exchange (IKEv2) is suggested as an alternative.

This is also what cybersecurity authorities in other countries propose.

This suggestion’s main goal is to reduce the attack area and vulnerabilities of secure remote access.

The NCSC says new vulnerabilities that haven’t been seen before will likely appear in SSLVPN products.

IPsec has some flaws with IKEv2, but it has a smaller attack area and can handle more configuration mistakes.

The NCSC suggests that companies make a plan to gradually stop using SSLVPN and switch to IPsec IKEv2 to lower the risks that come with using VPNs for remote access.

How difficult this transition will be will depend on factors such as the size of the business, the number of employees, the network architecture, the choice of supplier, and the area where it will be used.

By the end of 2025, all companies will have switched from SSLVPN to IPsec IKEv2.

Businesses affected by the Security Act or considered socially important should have made the change by the end of 2024.

Steps for Implementation

Change how existing VPN solutions are set up: Set VPNs up now to work with IPsec IKEv2.

If that’s not possible, make plans for a backup.

  • Move systems and users: Change all servers and users from SSLVPN to IPsec IKEv2.
  • Turn Off SSLVPN Features: Ensure SSLVPN features are off, and destinations are not responding.
  • Stop All TLS Traffic From Coming In: Stop all TLS traffic from entering the VPN server.
  • Use Certificate identification: To make things safer, use certificate-based identification.

The NCSC suggests the following steps to keep things safe during the changeover period:

  • Centralized Logging: Make sure that VPN services log all of your actions to a central system so that you can quickly find and stop any suspicious activity.
  • Geofencing: Only let traffic from the countries you need come in.
  • Block Unsafe Infrastructure: Don’t let people in from unsafe sources like VPN providers, Tor exit nodes, and VPS providers that offer anonymization services.

The NCSC recommends using 5G mobile or mobile broadband instead of setting up an IPsec link when that is impossible.

Also, modern, safe built-in solutions for operating systems are suggested, like Always On VPN (not DirectAccess) on Windows or solutions based on the WireGuard protocol, as long as they include security features like managing users and machines and keeping a central log of logins and activity.

In its suggestion, the NCSC stresses how important it is for businesses to improve their security by switching from SSLVPN to safer options like IPsec IKEv2.

By doing this, organizations can protect their remote access systems and make themselves much less vulnerable to cyberattacks.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...