
Critical analysis of VPN


Network ingress filtering to protect VPN service from DoS attacks

The tremendous growth of the Internet and rapid advances in telecommunications have tied the Internet into nearly every aspect of global activity. Operations carried out over the Internet have expanded drastically, which has led hackers to seek out sensitive data and, in turn, has made data protection a necessity. The Virtual Private Network (VPN) has become a popular logical service for building private networks safely on top of the existing public infrastructure. It allows geographically separate LANs to communicate and transfer data securely over the Internet, which serves as the backbone of the communication network. This is possible because a VPN offers complete integrity and confidentiality through encryption and tunneling. An IPSec-based VPN presents several security features; however, it fails to provide enough protection against Denial of Service (DoS) attacks on the VPN, which represents a serious threat to companies operating over the Internet and also obstructs the operation of service providers. Therefore, there is an urgent need to keep VPN service uninterrupted by adding more protective mechanisms near the attack source, both to prevent the attack from saturating high-speed links and to protect VPN services from DoS attacks and packet flooding.

Fresh cryptographic algorithms to enhance the security measures of voice data

Voice over Internet Protocol (VoIP) is a real-time application technology that transmits voice packets over the Internet Protocol (IP). Security and privacy are of the highest concern when an open network is used. Real-time applications in general suffer from packet loss and latency on IP networks. Cryptographic systems can be applied to secure VoIP, but their impact on Quality of Service (QoS) must be reduced. Encryption algorithms are computationally complex and expensive, so they take considerable time, which adds to packet delay. VoIP is usually used by public users, which creates a key exchange problem; an intermediate trusted authority can take on this responsibility. VoIP security must be improved, which is the aim of the proposed cryptographic system. The solution consists of a simple yet strong encryption and decryption algorithm together with an embedded method for exchanging the protective keys between users. Fresh keys are generated randomly, and each is used to encrypt a new voice packet to reinforce the level of security. The key exchange is performed by inserting the key into the ciphered voice packet according to a sequence of key positions held on the sender and receiver sides, so that only the target receiver can extract the key. The encryption process is divided into three parts: key generation, the encryption procedure, and the key insertion process. The decryption process is divided into two parts: key extraction and decryption. The recommended solution was implemented and tested. The results indicated that the time required for the security procedures is reduced compared with established algorithms such as AES_Rijndael.

Moreover, the investigation established that the level of security is directly related to the key size and the length of the voice packet. A larger packet needs more processing time. Lastly, the implementation results indicate that the average time required to encrypt and decrypt a voice packet using the proposed algorithm with a long 1024-bit key is smaller than that observed for the AES_Rijndael algorithm with a shorter 128-bit key.
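
The five stages described above (key generation, encryption, key insertion, key extraction, decryption), as an added Python example that is not the original researchers' or the author's code. The SHA-256 counter-mode keystream, the HMAC-derived position sequence, and the names `protect`, `recover` and `key_positions` are assumptions, because the article does not specify the cipher or how the key positions are chosen.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 128  # bytes, i.e. the 1024-bit key length the article mentions

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, not the article's algorithm.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def key_positions(secret: bytes, seq: int, total: int) -> set[int]:
    # Hypothetical position sequence: both sides derive it from a pre-shared
    # secret and the packet sequence number, so it never travels on the wire.
    def rank(i: int) -> bytes:
        msg = seq.to_bytes(8, "big") + i.to_bytes(4, "big")
        return hmac.new(secret, msg, hashlib.sha256).digest()
    return set(sorted(range(total), key=rank)[:KEY_LEN])

def protect(secret: bytes, seq: int, voice: bytes) -> bytes:
    key = secrets.token_bytes(KEY_LEN)                # 1. key generation, fresh per packet
    cipher = xor(voice, keystream(key, len(voice)))   # 2. encryption
    total = len(cipher) + KEY_LEN
    slots = key_positions(secret, seq, total)         # 3. key insertion
    k, c = iter(key), iter(cipher)
    return bytes(next(k) if i in slots else next(c) for i in range(total))

def recover(secret: bytes, seq: int, packet: bytes) -> bytes:
    slots = key_positions(secret, seq, len(packet))
    key = bytes(b for i, b in enumerate(packet) if i in slots)         # 4. key extraction
    cipher = bytes(b for i, b in enumerate(packet) if i not in slots)
    return xor(cipher, keystream(key, len(cipher)))                    # 5. decryption

if __name__ == "__main__":
    secret = b"constructed pre-shared secret"  # constructed sample value
    voice = bytes(range(160))                  # constructed 160-byte voice frame
    packet = protect(secret, 7, voice)
    print(len(packet), recover(secret, 7, packet) == voice)
```

Because the key travels inside every packet, confidentiality in this arrangement rests entirely on keeping the position sequence secret. The stand-in cipher also provides no integrity check on the packet.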

Cybersecurity researchers have also identified critical vulnerabilities in industrial VPN implementations, which are primarily used to provide remote access to operational technology (OT) networks. These flaws could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS).

Another report, published by the industrial cybersecurity company Claroty, demonstrated multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902 and EDR-G903, and the HMS Networks eWon eCatcher VPN.

These vulnerable products are mainly used in field-based industries such as oil and gas, electric utilities, and water utilities to remotely access, maintain, and monitor ICS and field devices, including programmable logic controllers (PLCs) and input/output devices.

Successful exploitation of these vulnerabilities can give an unauthenticated attacker direct access to any ICS device and potentially cause physical damage.

In Secomea's GateManager, researchers uncovered several security flaws, including a critical vulnerability (CVE-2020-14500) that allows overwriting arbitrary data, executing arbitrary code, and causing a DoS condition, as well as running commands as root and obtaining user passwords because of the use of a weak hash type.

Such flaws can also be exploited remotely, without authentication, to achieve remote code execution. That can quickly result in complete access to a customer's internal network, together with the ability to decrypt all traffic that passes through the VPN.

GateManager is an ICS remote access server used globally as a cloud-based SaaS solution. It lets users connect to the internal network from the internet through an encrypted tunnel while avoiding server setup.

The critical flaw, identified as CVE-2020-14500, affects the GateManager component, which is the main routing instance in the Secomea remote access solution. The flaw occurs because of improper handling of certain HTTP request headers supplied by the client.

This content is accurate and true to the best of the author’s knowledge and is not meant to substitute for formal and individualized advice from a qualified professional.

© 2021 Shyam Gokarn
