IT industry goes from worst to best for VPN security
NTA Monitor has discovered that IPsec VPN security in the IT industry has improved to such an extent that it's gone from being the least secure to the most secure industry sector in a year. The results are revealed in NTA's VPN Security Report 2007 and show that IT organisations have a third less vulnerabilities per test than those IT organisations detailed in the 2006 report. Tests were conducted on organisations in a variety of sectors, including charities, finance, government, IT and not-for-profit.
Hills, Technical Director at NTA Monitor, said: "Although the IT sector has clearly improved its security over the past year, that's not the case for everyone. On average, nine vulnerabilities were found per VPN test performed in last year's report; that figure has risen to 11 in this year's report. 73% of tests also discovered at least one medium level flaw, indicating that external users may be able to disrupt services or potentially obtain unauthorised access."
Of the risks discovered in all tests performed, 16% were classified as medium level risk which may allow external attackers to disrupt the VPN service or gain unauthorised access to the network and the confidential data held within it. The majority of vulnerabilities, 65%, were rated as presenting a low risk, generally involving the leakage of information that could be valuable to attackers. The remaining 18% of vulnerabilities were considered informational, and as such, issues are typically linked to poor housekeeping and lack of attention to the fundamentals.
The report's recommendations include operating VPN connections through a dedicated VPN system rather than a firewall, improving encryption and authentication methods and undertaking regular independent security testing; the report is available from NTA by emailing marketing@nta-monitor.com
This article was first released on: 7th August 2007