resource center
  See your link here
|
IDG News Service -
Virtual private network products from a variety of vendors, including Cisco Systems Inc. and Juniper Networks Inc., are vulnerable to a denial-of-service attack because of a bug that was recently discovered by researchers at Finland's University of Oulu.
The flaw affects a component of the IPsec protocol used by VPN software and hardware to securely exchange data over the Internet. While there is some risk of affected VPN systems being taken over by attackers, a more likely threat is a denial-of-service attack, in which machines would be forced to reset repeatedly, jamming up networks and causing headaches for users.
"This issue is ... very important to you if you are using an IPsec VPN," said security research center the SANS Institute in a statement posted to its Web site. "While this is not as severe as remote code execution, it can still break a business if critical network links are impacted."
The problem concerns a component of the IPsec protocol called ISAKMP (Internet Security Association and Key Management Protocol), which is used to send authentication data within IPsec. By sending specially crafted ISAKMP packets, an attacker could launch a variety of attacks, the U.K.'s National Infrastructure Security Co-ordination Centre said in a statement.
The bug was first reported Monday, and by Tuesday a number of vendors had posted statements on the U.K. security Web site explaining how it affects their products.
The bug has been reported in products from Check Point Software Technologies Ltd. (free registration required), Stonesoft Corp. and Secgo Software Oy in addition to those of Cisco and Juniper. Researchers say that some operating systems are also affected, including Sun Microsystems Inc.'s Solaris. IBM's AIX operating system and Microsoft Corp.'s products are not affected by the bug, the two companies said.
IDG.net
Death to PST Files
Download Now
Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!
A Green Architectural Strategy That Puts IT in the Black
Levergage green computing across your data center. Read more now.
Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.
Quantifying the Business Value of VMware View
Learn why you should invest in a centralized virtual desktop.
WAN Optimization as a Managed Service: More than Network Cost Savings
View this Webcast Now!
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
Asia-Pacific Enterprise Network Solutions
Learn through this Webcast how your business can achieve reliability, performance and value in hard-to-reach locations within the Asia-Pacific region.
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Mainsoft Webcast w/ Forrester Research: Drive SharePoint Adoption in Lotus Notes Shops
How can you drive mainstream user adoption of Microsoft SharePoint when your users rely on Lotus Notes?
Sign up to receive updates on the latest Networking and Internet resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
