How can misconfiguring VPN clients lead to a security breach? Do you have any VPN security tips to ensure proper VPN client configuration?
A virtual private network (VPN) operates pretty much in binary mode: Either the secure connection is established or it isn't. If the secure connection does not successfully complete, it is not possible to send traffic to the secured resources. So there is little room for security breaches. However, VPN security breaches could still occur in subtle ways.
Here, I will focus on the IPsec VPN, which is the most secure VPN technology in deployment today. The SSL VPN has a separate set of challenges, particularly in conjunction with the use of Web browsers. Although SSL VPNs are often perceived as clientless, the Web browser is a critical client component of an SSL VPN. The convenience that comes with the proliferation of Web browsers has major security implications, both in how the browser is used and in where it is used, and these can lead to significant security breaches.
Returning to the classic client-based IPsec VPN, keep in mind that each VPN connection has two parties: the VPN client and, on the terminating end, the VPN gateway. A misconfigured VPN client can compromise security when the Phase 1 and/or Phase 2 proposals of the IPsec connection are manipulated. If the client is configured to work with AES128, for example, and the user changes the encryption algorithm to DES (assuming the gateway allows DES as a valid security proposal), this would constitute a severe reduction in overall security because DES has much lower encryption strength and can be easily compromised. Some control can therefore be exercised from the gateway end by not allowing security protocols that do not meet state-of-the-art VPN security.
Another, more subtle potential security breach can occur when users randomly change VPN client parameters, such as the pre-shared key. Because the correct value is normally not known to the user, the change will leave the client unable to establish a VPN connection. The user will then try to obtain the correct VPN configuration parameter to make the client work again. During the transmission of this critical security parameter, security breaches may occur. For example, the key might be sent via email, maybe even to a user's public Yahoo, Gmail or Hotmail account. Or, the key value could be observed or overheard during a phone conversation. If the VPN client includes other security-relevant functions, such as a client firewall, things can get even more dicey. Changing critical client firewall rules that are meant to protect the access device can introduce significant vulnerabilities.
All this can be avoided by distributing a preconfigured VPN client with a locked-down configuration. The VPN configuration lock will prevent any unauthorized changes. Additionally, fully managing the VPN clients allows the network administrator to change configurations on the fly or roll back VPN configurations. The management system will also ensure that identical and valid configurations are assigned and transferred to the VPN clients, which avoids misconfiguring VPN clients in the first place.
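The gateway-side control over Phase 1/Phase 2 proposals described above can be checked mechanically. The following is an added example, not code from the original article or from any VPN product: it models proposal matching in simplified form and audits a gateway's accepted list. The `enc-integ-dh` string format, the deny-list contents and all function and variable names are assumptions made for illustration.

```python
# Added example: a simplified model of IPsec proposal matching, not a real IKE stack.
# The "enc-integ-dh" string format and all names below are assumptions.

# Illustrative deny-list; tune it to your own cryptographic policy.
WEAK = {
    "encryption": {"des", "3des", "null"},
    "integrity": {"md5"},
    "dh_group": {"modp768", "modp1024"},
}
FIELDS = ("encryption", "integrity", "dh_group")


def parse(proposal):
    """Split 'aes128-sha256-modp2048' into a dict keyed by FIELDS."""
    parts = proposal.strip().lower().split("-")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected enc-integ-dh, got {proposal!r}")
    return dict(zip(FIELDS, parts))


def weaknesses(proposal):
    """List 'field=value' for each transform on the deny-list."""
    parsed = parse(proposal)
    return [f"{f}={parsed[f]}" for f in FIELDS if parsed[f] in WEAK[f]]


def audit_gateway(accepted):
    """Map each weak proposal the gateway would accept to its weak transforms."""
    return {p: w for p in accepted if (w := weaknesses(p))}


def negotiate(client_offers, gateway_accepts):
    """Return the first client offer the gateway accepts, or None (no tunnel)."""
    allowed = {tuple(parse(p).values()) for p in gateway_accepts}
    for offer in client_offers:
        if tuple(parse(offer).values()) in allowed:
            return offer
    return None


# Constructed sample configurations.
INTENDED_CLIENT = ["aes128-sha256-modp2048"]
TAMPERED_CLIENT = ["des-md5-modp1024"]  # user switched AES128 to DES
PERMISSIVE_GATEWAY = ["aes128-sha256-modp2048", "des-md5-modp1024"]
STRICT_GATEWAY = ["aes128-sha256-modp2048"]

if __name__ == "__main__":
    print("gateway audit:", audit_gateway(PERMISSIVE_GATEWAY))
    for name, gw in (("permissive", PERMISSIVE_GATEWAY), ("strict", STRICT_GATEWAY)):
        print(name, "gateway, tampered client ->", negotiate(TAMPERED_CLIENT, gw))
```

With the strict gateway list, the tampered client gets no tunnel at all, so a client-side change cannot weaken the connection.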
This was first published in September 2012