Security News
Rambus announced the availability of a high-performance IPsec Packet Engine with integrated DPDK and companion key negotiation toolkit capable of securing 5G network traffic at data rates from 1 to 10 Gbps. A complete IPsec solution, the packet engine can be easily integrated into SoCs for a broad range of 5G devices, from base stations and cloud to gateways and end devices. Offloading cryptographic operations to a dedicated IPsec Packet Engine streamlines processing and enables network traffic to be moved securely at line rate.
Used within organizations of all sizes for remote connection to assets and for telework, VPNs can deliver the expected level of security if strong cryptography is employed and if admins perform regular assessments to identify and eliminate misconfigurations and vulnerabilities. Thus, the NSA recommends that network administrators avoid default settings and reduce the attack surface of VPN gateways, ensure that only CNSSP 15-compliant cryptographic algorithms are used, remove unused or non-compliant cryptography, and keep both VPN gateways and clients up to date.
The attack targets IKE’s handshake implementation used for IPsec-based VPN connections, opening the door for MiTM attacks or for bad actors to access data carried in VPN sessions.
A researcher challenges a conclusion in a recent academic paper on weak Diffie-Hellman implementations that claims 66 percent of IPsec VPN connections are at risk.
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
List: openbsd-tech
Subject: Allegations regarding OpenBSD IPSEC
From: Theo de Raadt
Date: 2010-12-14 22:24:39
Message-ID:...