The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.

  • cron@feddit.deEnglish
    5·
    8 months ago

    Does anyone know why SSL VPN is more insecure than ipsec-based VPN? Is there a technical reason?

    • IHawkMike@lemmy.worldEnglish
      10·
      8 months ago

      From the article:

      While the cybersecurity organization admits IPsec with IKEv2 isn’t free of flaws, it believes switching to it would significantly reduce the attack surface for secure remote access incidents due to having reduced tolerance for configuration errors compared to SSLVPN.

      Basically, every vendor has their own implementation of SSL VPN as there is no real standard, whereas IPsec is mostly vendor-agnostic. And you effectively need to keep an open web server to receive the client connections, making exploitable misconfigurations or vulnerabilities much more likely.

      • taladarEnglish
        1·
        8 months ago

        On the other hand IPsec has no real way to negotiate crypto parameters so those stay whatever you initially set up forever, even if those algorithms have known exploits or become insecure in other ways. Also, there are incompatible vendor versions of IPsec too.