Some VPN gear open to denial-of-service attack

Last week a Finnish university group discovered it could successfully knock out some IPSec VPN gear with denial-of-service attacks using carefully crafted packets to overwhelm a VPN gateway.

The attacks resulted in several companies – Check Point, Cisco, Juniper, Stonesoft and Secgo among them – issuing security advisories and patches.

The point of attack was against a protocol used in establishing security associations within IPSec known as Internet Security Association and Key Management Protocol (ISAKMP). It is the means by which two devices authenticate to each other and create security keys before setting up an IPSec tunnel.

The alert from the University of Oulu in Finland said that it discovered exploitable flaws in a number of vendors’ VPN gear. There are two important things to note. The first is that this is not a flaw with the basic protocol but rather with the implementations of the protocol for specific products. If implemented differently, the protocol is safe from these attacks.

Second, it underscores that customers should keep up with software updates distributed by vendors. Makers of VPN products identify such vulnerabilities themselves and correct them via their routine version upgrades without all the splash the University of Oulu got with its announcement.

The type of analysis and testing the university group did to discover the vulnerabilities can be turned on other protocols, notes Paul Hoffman, director of the VPN Consortium. The more complex the protocol, the more susceptible it is to such attacks, he says. Other protocols ripe for such implementation flaws: SSL and SIP, he says, so keep your software updated in accordance with your vendors.