Barrier1 identifies flaws in SSL-VPN
Barrier1 identifies flaws in SSL-VPN
SSL-VPN’s have become very popular. However, there are several security flaws beginning to become understood. The use of null characters has been used for exploits for several years. The concept is to insert a string of 0’s in key areas. This has the effect of alerting, changing, or redirecting depending on when and where this technique is used.
In SSL-VPN certificates are used. When a string of 0’s or some other strings are inserted, hackers can re route a user to a site they were not intending to go to. This can also allow access to host computers.
Barrier1 with its ability to inspect all 7 OSI layers and Intelligent Behavior Analysis known as “AARE” inspects for null character insertion from multiple points of inspection. Whether this technique is used in the application code itself, like SSL-VPN, or from a data stream that has been altered, Barrier1 will identify and stoop this technique.
Posted in Uncategorized