AlgoSec Targets Security Weaknesses in VPN Configurations
AlgoSec VPN Analyzer allows users to analyze VPN configurations for security weaknesses.
AlgoSec has expanded the capabilities of its firewall analyzer to provide deeper insight into VPN settings to improve security and management. The technology, called AlgoSec VPN Analyzer, is meant to fill a gap in VPN products by helping users analyze their VPN settings for security weaknesses. It has been added to Version 4.3 of the company's Firewall Analyzer product released earlier this month, and is available with either the Risk or Optimization modules. AlgoSec Firewall Analyzer is built to help users automate aspects of firewall, router and VPN administration across Cisco, Check Point and Juniper products.
By default the AlgoSec Firewall Analyzer looks at the traffic allowed through the VPN based on the rules but does not flag risks for such traffic--essentially whitelisting all traffic traversing a VPN. But for more security-conscious organizations this behavior can be overridden on a risk-by-risk basis, allowing the organization to use the full power of the AFA's knowledge base of risky traffic on VPN traffic, Wool said.
Over time, VPN configurations become full of clutter, he added. "You can find users whose access has expired, users that do not belong to any user groups, which means that they have no access, user groups that are not connected to any rule so they are just dead wood," he said. "The AFA VPN analysis finds all these floating definitions and highlights them in an easy-to-navigate report that allows quick drill-down too."
The product also allows users to view rules from the firewall policy that relate to the VPN, lists of VPN users and user groups, as well as the rules associated with each group.