You are here: silicon.com > Software > Security Strategy

Security Strategy

Security flaw found in IPsec VPNs

Even lazy hackers could crack encrypted comms...

Tags: hacking flaw, niscc, hackers, ipsec vpns

Printer Friendly Email Story RSS

By Dan Ilett

Published: 12 May 2005 16:55 BST

The UK's National Infrastructure Security Coordination Centre (NISCC) has issued a serious warning over the safety of IPsec virtual private networks (VPNs).

On its website, NISCC said a flaw in the IPsec VPN protocol could allow hackers to obtain a text version of encrypted communications with only "moderate effort".

The flaw, which NISCC rated as 'high risk', makes it possible for an attacker to intercept IP packets travelling between two IPsec devices and modify the encapsulation security payload - a sub-protocol that encrypts the data being transported. This could ultimately expose this data to an unauthorised third party.

NISCC said: "By making careful modifications to selected portions of the payload of the outer packet, an attacker can effect controlled changes to the header of the inner [encrypted] packet... If these messages can be intercepted by an attacker, then plaintext data is revealed."

NISCC has published a number of solutions to this issue.

Dan Ilett writes for ZDNet UK

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Reader Comments

You firstly have to intercept the traffic, capture...
Ajaz Poswall @ Diagonal Security

Click here to see all

Related Links

Users and providers warming to IP VPNs

Secure remote access - the way to go

BT says: Protect your network from professional hackers

Performance of Hardware-Accelerated IPsec VPN Systems

Apple plugs 31 holes in OS X

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Ruth Hoy Legal Eye: Who's tracking your online trail? Putting privacy under the spotlight

Louella Fernandes Quocirca's Straight Talking: License this software Time to get your house in order

Chrome future, vintage PCs and credit crunch IT

Phishers cash in on credit crisis

Police fraud centre ready for takeoff

Do you have what it takes to be an e-caped crusader?

Can £7m dent £105bn cyber crime menace?

Brits lose £120m to foreign card fraud


  • Jobs
Cisco Engineer Role 6 months + Brighton

Ability to use Cisco, Fortinet, TCP/IP, IPSEC VPNs, IP routing protocols, VLANs, DNS, SMTP, Leased Lines, LES, xDSL, ISDN is all a prominent part of ...

Network Support Engineer - South London. Start ASAP

The Ability to use Cisco, Fortinet, TCP/IP, IPSEC VPNs, IP routing protocols, VLANs, DNS, SMTP, Leased Lines, LES, xDSL, ISDN. Essential skills and ...

Network and Security Engineer (Security Cleared)

Essential: Strong data networking and security/Firewall skills Customer focused Team player Hands-on skills or experience: -Nortel -Cisco -Wireless ...

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.

10 Keys to Successful Scrum Adoption

Optimizing Agile for Your Organization

Capitalizing On the Sea of Change in Enterprise Resource Planning

The Benefits of SageCRM Internet Architecture

Microsoft updates boost law firm security

Yo!Sushi going all IP

Bracknell Forest reaps virtual rewards

E4 embraces web 2.0 audience

Danone on health kick with Itil

Law firm gets SaaSy with email security

Stories from the web...


iPhone 3G woos users to dump carriers

2012: Embedded wi-fi in one billion devices?

Microsoft allows developers below the Surface at last

IBM follows Microsoft into the cloud

Lords to debate security progress of "wild west" web




Quick Sitemap Links: