Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


AlgoSec Targets Security Weaknesses in VPN Configurations



 By: Brian Prince
2008-04-21
Article Rating:starstarstarstarstar / 7


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
AlgoSec VPN Analyzer allows users to analyze VPN configurations for security weaknesses.

AlgoSec has expanded the capabilities of its firewall analyzer to provide deeper insight into VPN settings to improve security and management.

The technology, called AlgoSec VPN Analyzer, is meant to fill a gap in VPN products by helping users analyze their VPN settings for security weaknesses. It has been added to Version 4.3 of the companys Firewall Analyzer product released earlier this month, and is available with either the Risk or Optimization modules. AlgoSec Firewall Analyzer is built to help users automate aspects of firewall, router and VPN administration across Cisco, Check Point and Juniper products.

The focus of the Firewall Analyzers VPN analysis capability is to provide visibility, analyze risk and support cleanup operations of VPN definitions that are on the firewall--both point-to-point and remote-user VPNs, said Avishai Wool, AlgoSec chief technology officer. The vendors have convenient methods of adding new definitions, or editing existing ones. They do not have good capabilities in reporting and analysis of these definitions. It is quite difficult to find out what access does user Bob have or which users have access through rule 17.

Resource Library:

In addition to providing real-time monitoring and the ability to track configuration changes, users can also compare their VPN rules to industry standards and eliminate security vulnerabilities from the VPN configuration.

Wool explained it this way: We have to remember that a VPN is just an encrypted pipe that usually requires authentication to get into. But once the VPN is established, anything can pass through it. So, for instance, if a VPN is established from a users home net to the corporation, in principle anything that is running on the home net can potentially enter the corporate net.

Clearing Out the Clutter

By default the AlgoSec Firewall Analyzer looks at the traffic allowed through the VPN based on the rules but does not flag risks for such traffic--essentially whitelisting all traffic traversing a VPN. But for more security-conscious organizations this behavior can be overridden on a risk-by-risk basis, allowing the organization to use the full power of the AFAs knowledge base of risky traffic on VPN traffic, Wool said.

Over time, VPN configurations become full of clutter, he added.

You can find users whose access has expired, users that do not belong to any user groups, which means that they have no access, user groups that are not connected to any rule so they are just dead wood, he said. The AFA VPN analysis finds all these floating definitions and highlights them in an easy-to-navigate report that allows quick drill-down too.

The product also allows users to view rules from the firewall policy that relate to the VPN, lists of VPN users and user groups, as well as the rules associated with each group.





  Reader Comments: AlgoSec Targets Security Weaknesses in VPN Configurations
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}ks۸qf89Ei;RJXglRVi)8H#O/Oon|I"-dƩ6ЍFh@gkODN0 9sE1>=zk;HRkkL#6 J9AfT :,t}w5k9 -z->;|9|@DZ%SjNASm3g{zs[6gڄ2zʼn9n1 fE63'E^PtyK͂%yH=RrER{RDTe$oqX}؁䛟V9AÙML}! {#R%h!1Qu _֏[/ !X]~j4Lߵ=2hj9TN`Uƞfnaf1rx&=Ӽ@,gp'"ScOZ$ա5NIp'09Q#@gPWw,ǃj TQ3cmfZ35k-3@ؾQ̀ ݢq/#!_TBp` ZjnO,Ӈ;)xpcE[U2_#Mx6ܳL]b6zO |l ͟RAuӱCԣf'˚Q49he7EnJ6JrR-Uv╻iΝoĩq3{7;׿?-U-vݓ ? n84h;ʠm5eu{xw9=}'Z׼;Aw@򝬭&3`z LTUjryd" P}jCG'Y_g5}(D~o[v+eKc_Or ])21,REf9vG򳹥s>\^\v2\v;>ߙemfy3(?ԐJJg3F~5uVGu.Q{#+|r5 0\6:jo~91X?o!~f[ dP[w8LwF+) ?.:d[N uPG䷓)0dio,YH!)M||Y|ěE#0 i4(=m8X@/@ש] ^7WtBmT3o`2 f4.fh- @ho*KjLrM&@Sk~$M5ņ])!edF-UvIK _^PB5)\Dh+ԜjdoF" 2#~B(pHqbNE1\ni>U<<vwެ/Uմމ-~iKsI|EOg~S3G#вnZSZƦcWPد]G hS2e8l ԰2nб6lA&:~f>>QÜϚ#ͶOCGs>hH2胆6ml-։h$ ,70}Hw@zQI4gX86(Zχ`j˦Mf@B9;ǻޚA"Q]ӑ4|a qjQ]*~hs-w= } wA,߽9#z[LKx GN w (~9-WR;C/0{rI2 4.gP)AH =[h 99x |7#!bZIZ*'9Z]w{B#ԙ8CZV΍gj%eb -d[b~Il eV&vϺZLboD7], S m3-uLlYUuրO4MǦn1@.ϼs2H`0H%\Ew, fzn4 I߱n)y@la} /| `@-͚6(tsfڰ`DWjm>!4ÃiА4XԹæXg5׵Lj rG!.ql9`n5|Dg豉m>`T 4fs)wdm˴o}7UBsNPB/W2 \_&VAB5 6d:ɤPl';/+PXY3nR>jij;jk)dj~#JwC͸^`é3h{q#%IAg=e河xGud[I%7KۏR5{_No6viXZ @wei,c-3_Xtg(+c:K_j)D4$B]`}.EG?0ZMpSw{!{jaaC+eE.W۟B FU-xKʸASAlH栢>[ ҆|t ku:.PCϱ點vgȱ3 `ǟGQ,C*8cQ*ma1)T$0Sӹbp=z˸>q,?XĞ=8[%0sM^\N'9!@0m"^`iNR} ش^oZYig#*RXO%}Z*+JL$'i/#Y /-0cY]>aDm6#k CQڮ>-JL{ iYD86G[-OA]4$qx384\+1*Ly.zV}uVF0\}MДa˘32|qq&$KD\*Ѐah"pHE@xZ48~x| "KL-9HF15[%*::$fW߀ä,Cd>OM{c>4Ye a_2~2Ejw8x_ℯ= q+S8Ӈl?vқ`>sn,|tqZEL[O`c)0v *j5IdtIi6S*07G`,*S%G=ibGH rB XQVwawTʕ)ӱ%Jt$ ֹB(b_awc*Q :@;!G:0ݙ,(z,.LHT0u 70ӛ-tqS)we}ݣ&{oR&4F@2<"#8zlQ}tq@l#R9#nΚ6s}&no{WC˙Er dZIp|avKre$m@șY'ڃuItLe``l"Z`|,09|փu8Bs0X3f~7v 082tx{z&w4fG %kC-oc d#0]̞̙A5mۨ*X9 6AqHlڃ_|.n'i`M8n7=KRVӳ$R+@ekrฦm7/E) ZzhR̚ZBW}X`"m\☺bl'$o,y g@Zf2U5"m-(μ \X K  &RJj>"Gwiŏ[o( rfP#IP*~PՕGIutf*WR-%~Ur;*7xџ1XD+(++i-^2۹)6"h ޜ-cz e|⥶[-,sK"hʌg _|q[rn)tyĆ5(4]sF}A8'̕KIlϱKzk@54CodEm*ujCRˍ4E'sfL؞EA(ǡd:)dnQ==M_L7 xG?ws~̡f 02I |$*Z֫Za-și#uLJue! O.'-ojzyv~ *s>PT9ɷwf‰?؆ +~l)ɑ$ |BӪ D;}Z\c3|hhqL l]|ن^߫%&b }JV~ZgZSq= Ϛb2[?RXϭG=RV6q| Ϻ?kn|>9t? 4{o{q O,}]u~#}_?\>Iݳ?pȾ>KUw$(XM4qߵ'^I{{>:.; ixx0Z^ V\zF_ɾ,<9Aϐa~&)skc~em `!O1ߐdPޠ} J@RPOh[#vZgp=" BtX 1tJ10_RJMQhQwLG&)_(0[IӷoHW蘧Y;D{_q)=?E]i'uHt׉ NAn|:p_<}9r 7yKP -M:{dj#N M5W"ȶv=Ok?8 cl9w{aRݩ$B~(Jk7iQE%eތ9rtJ%SBt+a/2H PW3'I^VR6T$UT%!T4ALNbC]ґ_'8 $O kr7isq/P{a%yxrŹ2k85(A}NHlAJiIgԢᬖ^} ɏx: a!? $LGNnRB>?%ݛf0zX4b`+awʜW#Sa, ?Y ./Cv6c>&k ?ȄZ)A0ng=w6OHE{ lh_D(Vp)hh*6fx,0eLˍ^'\/_zТM.ȳK&p!`J. (i:uE(@}:3mXZ-'.k2G ŒنC3p.:8 Bjނ+IO&_ap/G1JF>b&'ˤkSv#zK}?)B3L(n WIxH]>PkIr|4&b yӱ 15ψrj.E<~z{da+Ol/* f&Ljjq{+`1Ƞ Nt A*!p:ɄY콓8nhG],OM̥,<' (}'I̐\Nxd09_B4AW,*=O;i,OyM4q9mʜChӔ׆.-{bއx=zgQzŌP?w:q]l _p#%ͫ%%IXǻ*H,IlvI-V{?g 6m8)O(+8E(edNcDHDj/.O푥LKɄKHxrߗj\BZŠ:4?&!h.";& BRD({HIZʕoFIzWlnAѕERorXR}KۦK=E)C s 0Zi3~,#U9vǞedt"-]ll-y1LYeH4jl]" ]/`W{0NOAͳ`K,KX/\wKeRUs!$!@|Dz!aoBIBjlL֦o<Y׽`Ι(fy0d H̳ _!xD9 LZY% wMWw;B f6s}<.Υ&HÔC}\%бobF2Z|URuRH]{iJB-?ErF7Jb Y ^8l0/!'p7ϣBL\u7eTVe̿JaIqo4taopliwy6 a H Xm)1Lm] J'sa+d _8F{t5555[Vmwk% TʕAʷslS,+VSeO705&T}$imƚ~Ksn&x'=4O}]`)cһ.^#kl.YY(_>RFp`fچKW) tjtf 3D HP!W p@?!}kwʋs j~@gsmR'Ft7{,fQA ^R)8>G!!t5gW&[b/B Z7'-!Ija}iK鬙IMX5i]CD^5<"g.sFsG"vF,GKc;;'$P42u}NBf`%-,bvm0ߎ2z5-*'\k3ܹicV/-W$|N <_:˵R`Ja!W( cEFNeHcPwRSOx2O>D$4ٗ"_HX@eyCHCywwww7Z ܊A:^w:JkͺLm7ed%?+009-09a $PF$7ڈ=!/d`J֓_}}'i CWJ3眜xyYl^U>݀3J)j ,v̈] !M/MO Bkw^ھ@<}aX 0>>`*RL8/ HT+S0vW`Zy=s~> RO\y pA-hfkfVM4[ͮWH hl %A3sKR+!ϤN ^߷Jk^x K)^g! Qdb/LoWgwg+DFfxݧs"|PbsQk5_@м1W6/gP_s~~V!BXdzlaA o}{wZ^7o&^ -g {-w&%?kޭ+=r}RΥK3\k\-p_Be/1+ڇ˹1Ȇ33ʮ{eTrf a y'&AS|LfER ow j>_m_uau"^ej/y*jjۈYѣ3.zWʒXjjN 82o}6w/szl~Ji&2DF$4866 g3&e< -~h$=|2Eb9["O<@1ol;6!3hn%-~ _W/K}~k hoqfhZ|WmY@{4I5%1Y~Gj OQ5)b6PCὺř{oo[*똟f ][G?ݝҎ)X67͌%g+hV9TFˎhF!i3OI}bPhEf?xT&ݤ>e0CIͦ6l0a::M\Jџ󒩲C~RBq+Pd0ӆf?nW¤Zt'O|oD2~^AJp )O0𷂛q'H| C<얐D4^٭֜rc[^tpSWe~ǍP&-^%8I B(lF]-8"6,Aˢǭ~ 'T(uNsUJ(aZ¶cWF؇RjJ!/DȮ0q aI{ŝB&sǘ$yqcEMu&  ka&blH'p.JI+CAE! ;|StOFpxҲfz0lshh,vxCTȥ}L1N^UVK.}KBG2KN+tW BZcěiWes[ɣ.j"+ jD:-~0~i1]Hist3#mz^C GJk&`;׏j=!vc` /J.қ≠D37:U g Ñ766"On@)?p'찔?1L;w%O Э%Rg̉ЍHP-$i7osso@ eˡWqUc\oF0Iv|E!b0ޛK{UZ^ ȩ'9fs[O?qEG;66CknBrӔTB}F}kzW'b^i90b\,9+Ԉ xfVVmmq.]fRFJNaD5vm2@4k Ex}#rvc&kq{ZK`@6cZ&F:#ZOiJ7:]|_'ʄsA) yfO L=& ]K!T4w\#P |¸)C7gq+\Wd}exxJ"rG:Leֳh܃}dMM E.MFoʥZ}GQoIgo4|x}A6ڄyi$Y c r+3\Ixc#2k3dt rF@Yj$GP56:iuvwsG@F,LCBXțEiN@{ 죋B>vg7,cL@Nxl0WftA-==Xuh c>zS=!eA1H3S~7;׿^K21"9'ph\`sr8@KdxL*2&Bs879|_LqsnOKZ&6@@P0H73Aƞ3#H%bNx ֭9Ӷ; 8 NwiXlcZ|"{X#&3(- 9;&߁$F'sAc "PZ: 9C)~bJ ͍$u~`:>"(S[]ă0>]w7h3w?hMqWIg#j!z``z\oN5Ҏ|{#w` > cI cRC´vxСҨ<>& .ycI ^yN4[LTMOόu;5u_F`p3W .5z> MF Ke>gٕa)豢TK_oSw^7ke] =M蕴B*^͂Șp/Y40um>1}3|4 틋OwI!Š;'5M¶V-Z#e>.>w;Aulz0c^lT[d_T ΓQ9>ou283Osm.4 "G;́N}Q X\msdiÓ(?NE_VCTĨҫSm0LL⷏.;O֚C|zƫx]n1r;ZTmx9j0}P܄qP ";w Фo%uۧ9B9C9P~]~NmS>.?ur0sC9?ft nvyC9CL<B~N'(]~ Osl:3,3{C3Y}π?r ,?QFs?(?)# ra|s{剹?|K2xi0<>ۓ{o\pmঠϻJ6X-aીOWKiMnڧ\Dpqk;ُϋGkwʈPkvdoCdx^$ lOݡσfţu6T+6:5DQ3[ Cs H04{zY5~8=has;Ğ^ytxaYf,!h*x4}s&pN!3J8?0 fZgޥ8_Ѱs3@ j:} =sqk85c[&4IZEU+J~+z^+%Ræ;DDCR(R]N-Ukj0X\^9Q(Fu鯛*K0fE=q̐ga1Vo1BDO"׏ щ,FS$We",d 'ݢȗጝWv,P@pTB Pkkq =v XI+?b{I2hؐM ؒ9i'bC'M3L3,O~f+gm تGnѨs)gL=[  :\A>|#gZ:>dp!gB-ҋKt^upOaDK*3#X]M['lyb*b)m+ H:H-I_B+u{̪E}{Q!rE>D9 o[ p M,_zfҸt!+RIvM- >qFf|6h_u4b5V$3x_%05:%xlӍQfrs^f$W"nr37{P y !n Aflk8cyUW7-Ë'/Հm&"Plm׵v1LOMaew`/?\vi Cy2#0' MĮ+fAj|j{vI={N> a"q0q/.X&";>m?'&}B5+J "@"dش5[Pŗ ;wf3F)f'FFp)hN<}zվlQ޺%qmdx]aiЀΧ^p㩎TU|J6A1q! ixE C2z l|$_Oxƪ~Saxr='з57b([| Ӽi!zQ;` 삧p ?dtE#b]p!@>pE5g2QTD Q)Yb$sLw99jE 8"U][Z]9`^|˼+AѾYm70w>L/#=Z$c`WH؂{XiS1RpCV)tO勰CFt3B+W5`/=H_qSGgp#14VB\(ctgf˟]lӁQ#5lLTFELmQaS:~50('|N5usfODME>m*;Ѝ A\X3' X<޳sW=?5^6Љeώz/p2$82#" $8jVI[[abV XŢȖWqTR:!; دD?8  ciL;acXJXF!& 7O80Ux|-h\l}[Mp,S0#ŸEr,En o%]r*'A-~{e75w SF ]L"U s3v=nBM .&DW6K54Ƙb޻Yy&L{څGSE6:|,݈bVS"Nd׊ I-9-9N*D%la,9r3 ˅Ej f.t1R0NxqBaʩȩ(v}_|JѬd;j +sO{ |p <ø0+n:' wX[EsB({}=C* v*`Ng>!2D!6xN`oEawş7}#)h,=P$DQ' AHc.GGɊxYֿa(X[ECh⍿c014ߛi4A$摍7yE1um*dTi׺vᷮ gSXM) d.%rR⊫+EiQm&' CfGJ܄;66BKFslx616U)