You are here: silicon.com > Software > Security Strategy

Security Strategy

Security flaw found in IPsec VPNs

Even lazy hackers could crack encrypted comms...

Tags: niscc

Printer Friendly Email Story RSS

By Dan Ilett

Published: 12 May 2005 16:55 GMT

The UK's National Infrastructure Security Coordination Centre (NISCC) has issued a serious warning over the safety of IPsec virtual private networks (VPNs).

On its website, NISCC said a flaw in the IPsec VPN protocol could allow hackers to obtain a text version of encrypted communications with only "moderate effort".

The flaw, which NISCC rated as 'high risk', makes it possible for an attacker to intercept IP packets travelling between two IPsec devices and modify the encapsulation security payload - a sub-protocol that encrypts the data being transported. This could ultimately expose this data to an unauthorised third party.

NISCC said: "By making careful modifications to selected portions of the payload of the outer packet, an attacker can effect controlled changes to the header of the inner [encrypted] packet... If these messages can be intercepted by an attacker, then plaintext data is revealed."

NISCC has published a number of solutions to this issue.

Dan Ilett writes for ZDNet UK

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Reader Comments

You firstly have to intercept the traffic, capture...
Ajaz Poswall @ Diagonal Security

Click here to see all

Related Links

Users and providers warming to IP VPNs

Secure remote access - the way to go

BT says: Protect your network from professional hackers

Good Times Restaurants Turns to eSoft to Take the Bite Out of Internet Threats

Restrict access on an IPSec VPN tunnel with this member-submitted script

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Nick Heath Your top HR tech priorities for next year revealed How to make human resources IT work for you

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Leaked report reveals billions in budget cuts for public sector IT

UK ID cards rollout hit by delay as launch date revealed

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'


  • Jobs
Protocol Stack Development Engineer - Embedded C, RTOS, 3GPP comms protocols; Cambridge, to 35k

Strong embedded C development skills are essential, ideally in a real-time environment with 3GPP comms protocol stack experience. Keywords: embedded ...

FIX Protocol Support - Perl - Electronic Trading - Permanent - London

FIX Support Analyst with strong client facing skills required for a leading boutique financial software organisation. Based in the City of London, ...

Datacentre Installations Engineer - Blue-chip

Report fault or warning indicators to Operations for resolution by technical teams. Designs to ensure our data-centres use space, power and cooling ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

JD Edwards Spotlight Video

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Anti-ageism legislation isn't working, say IT pros

Leaked report reveals billions in budget cuts for public sector IT

Mini laptops, codebreaking, Wikipedia and why there's no 'British Google'

Recession fuels fears of UK jobs being sent offshore

eBay app lets users bid from a BlackBerry

ID card database: 500 names added in first month




Quick Sitemap Links: