This is because the utilities are essentially made to bypass some sort of firewall, whether it be geo-blocking certain countries or for encryption of your traffic so certain agencies can’t view it. That works some of the time, but most of the time it won’t. You may think that blocking certain ports and protocols is a surefire way of blocking the traffic from going through your network. So unless you have a very open policy when it comes to internet practices in the office, you might want to consider monitoring or even blocking VPN traffic altogether. This often includes gaming, BitTorrent over VPN (downloading copyrighted material in most cases), and video streaming sites. This blog aims to go over a couple technologies you probably already have at your fingertips and how you can use IPFIX/NetFlow analytics to track this nefarious behavior.Īlright, in the very likely case that you know what a VPN is, you are probably asking yourself, “Why should I need to track this?” For starters, it can allow end users to bypass your firewall and do whatever they please. This is why we implement strict ACLs and segregated VLANs on the network, and why we look at things like Deep Packet Inspection (DPI) as well as SSL DPI to help us gain insight into encrypted traffic. This could be something harmless but forbidden like video games, or a major threat like the latest APT that was just uncovered. One of the biggest concerns for a security or network engineer is tracking potentially unwanted traffic on the network. I don't know how common it is in other sectors but having networked with a lot of IT professionals and done enough contract work, I've seen enough companies doing this where I would only access non-work related sites on a guest network and never the employee network.Detecting VPN traffic on the network is a use case I hear daily from school systems ranging from primary schools all the way up through large universities. I agree with what but some companies in certain sectors are required to do this in order to block certain traffic (this is especially important in the financial sector where data is heavily audited and the government needs to ensure there's nothing illegal going on like insider trading or ponzi scemes, it's also common in sectors where the employer has a high liability like education and health, I have seen it at technical companies who take extreme measures to protect their intellectual property). If they use proxy/firewall appliances then it's even easy and probably built into the appliance. The use of it should only be done when absolutely required and in my opinion made very clear to users that it is in place and not to use internet banking etc, having it on can be a legal risk if used improperly or not fully Is it really that easy to inject certificates into a vpn tunnel?ĭepending on the network setup it's really easy. Personally I'm in favor of not doing this kind of network inspection as it breaks the fundamental purpose of SSL, PKI, encryption etc and is an invasion of privacy. Network security people would call this SSL Inspection or Full SSL Inspection but that is just a pretty name for Man in the Middle Attack. Without this direct control someone would need to get between your traffic and the destination, dns exploit etc. What gives them the ability to do it so easily is that they are in control of the network equipment that your computer must connect through to get internet access. Is it really that easy to inject certificates into a vpn tunnel?įor example if I'm using public wifi at a mall and someone sees me connecting to a vpn could they do that to be able to decrypt my traffic? Or is this a completly different situation?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |