Hole found in widely used VPN gear
Virtual private network products from a variety of vendors, including Cisco Systems and Juniper Networks are vulnerable to a denial of service attack, thanks to a bug that was recently discovered by researchers at Finland's University of Oulu.
The flaw affects a component of the IPsec (Internet Protocol Security) protocol used by VPN (virtual private network) software and hardware to securely exchange data over the Internet. While there is some risk of affected VPN systems being taken over by attackers, a more likely threat is a DOS (denial of service) attack, in which machines would be forced to reset repeatedly, jamming up networks and causing headaches for users.
"This issue is ... very important to you if you are using an IPsec VPN," said security research center The SANS Institute in a statement posted to its Web site. "While this is not as severe as remote code execution, it can still break a business if critical network links are impacted."
The problem concerns a component of the IPsec protocol, called ISAKMP (Internet Security Association and Key Management Protocol), which is used to send authentication data within IPsec. By sending specially crafted ISAKMP packets, an attacker could launch a variety of attacks, the U.K.'s National Infrastructure Security Co-ordination Centre said in a statement. (http://www.uniras.gov.uk/niscc/docs/br-20051114-01013.html?lang=en)
This bug was first reported Monday, and by Tuesday a number of vendors had posted statements explaining how it affects their products on the U.K. security Web site. (http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en)
In addition to Cisco (http://www.cisco.com/en/US/products/products_security_advisory09186a0080572f55.shtml) and Juniper, the bug has been reported in products from Checkpoint, (https://secureknowledge.us.checkpoint.com/SecureKnowledge/login.do?OriginalAction=solution&id=sk31316) Stonesoft (http://www.stonesoft.com/support/Security_Advisories/7244.html) and Secgo Software. (http://www.secgo.com/newsletter/20051114/CIP517_description.txt)
Researchers say that some operating systems are also affected, including Sun Microsystems's Solaris (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102040-1). IBM's AIX operating system and Microsoft's products are not affected by the bug, the two companies said.
- +
ARN's A-Z guide to networking 19 December, 2007 14:50:54
As business needs change, so do the requirements for the business backbone. ARN looks at networking trends and technologies and reports on predictions for 2008 and beyond. - +
Seven Cisco bad luck happenings in '07 31 December, 2007 07:08:39
Ranging from the departure from Cisco of a high-flying exec to a wireless LAN data flooding to some major problems with Cisco VoIP equipment.Even the best of us has bad days, but when Cisco has them for whatever reason, they get reported widely. Here are our picks of the top-7 bad luck happenings in Ciscoland in the past year, ranging from the departure from Cisco of a high-flying exec to a wireless LAN data flooding to some major problems with Cisco VoIP equipment.
Click here for case studies, whitepapers and other useful vendor content 
ARN Panel Sessions: Day 3The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?
Weekly Tech News Update: 21st November 2008Yahoo's CEO says goodbye, Intel introduces a new processor, and robots run wild. All that news and more on this week's World Tech Update
Electronic voting in U.S. electionDoubts about voting machines are lingering in the minds of many Americans as they head to the polls.
When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 20 November, 2008 17:34:00
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 20 November, 2008 12:06:00
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 20 November, 2008 12:04:00
NetApp Named 2008 Citrix Ready Solution of the Year by Citrix Systems 20 November, 2008 11:33:00
Extreme Networks Ethernet Transport lowers total cost of ownership for carrier metro networks 20 November, 2008 10:21:00
WebCentral boosts Security and Reliability with Windows Server 2008
WebCentral, Australia's largest web and application hosting company, relies on Microsoft Windows Server 2008 to deliver the security, manageability and reliability their customers require.
Buying Guides
