The Norwegian National Cyber Security Centre (NCSC) strongly advises organizations to replace SSL VPN/WebVPN with more secure alternatives because of repeated vulnerabilities in network devices. The measure is aimed at protecting corporate networks from intrusions and other cyberattacks. NCSC emphasizes that the transition to new solutions should be completed by 2025. For organizations subject to the “Law on Security” and for critical infrastructure, the deadline is the end of 2024.
NCSC recommends replacing SSL VPN/WebVPN products with solutions based on IPsec with IKEv2. Unlike SSL VPN/WebVPN, IPsec with IKEv2 provides a higher level of security because each data packet is encrypted and authenticated, which reduces the likelihood of successful attacks.
Advantages of IPsec with IKEv2:
SSL VPN and WebVPN provide secure remote access to a network over the Internet using the SSL/TLS protocols, creating an encrypted tunnel between the user's device and the VPN server. However, frequent vulnerabilities in these protocols make them less reliable. While IPsec with IKEv2 also has shortcomings, NCSC states that moving to it will significantly reduce the attack surface for remote access, because it is less tolerant of configuration errors than SSL VPN.
Practical recommendations from NCSC:
- Reconfiguration of existing VPN solutions or their replacement;
- Migration of all users and systems to a new protocol;
- Disabling the functionality of SSL VPN and blocking incoming TLS traffic;
- Using authentication based on certificates.
In cases where IPsec connections are not possible, NCSC suggests using 5G broadband connections. For organizations whose VPN solutions do not support IPsec with IKEv2 and that need time to plan and carry out the migration, NCSC offers interim recommendations such as centralized VPN activity logging, strict geographical restrictions, and blocking access from VPN providers, Tor exit nodes, and VPS providers.
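The interim measures above (centralized VPN logging, geographic restrictions, and blocking VPN-provider, Tor exit and VPS sources) can be applied as a review pass over collected login records. The Python below is an added example, not NCSC's or any vendor's code; the event fields, the allowed-country set and the denylist ranges (documentation address space) are constructed assumptions.

```python
import ipaddress

# Assumed policy (constructed): countries staff are expected to connect from.
ALLOWED_COUNTRIES = {"NO", "SE"}
# Constructed denylist built from RFC 5737 documentation ranges; in practice it
# would be fed from maintained Tor exit, VPS-provider and VPN-provider lists.
DENYLIST = {
    "tor_exit": ["192.0.2.0/24"],
    "vps_provider": ["198.51.100.0/24"],
    "vpn_provider": ["203.0.113.0/25"],
}
_NETWORKS = [(label, ipaddress.ip_network(cidr))
             for label, cidrs in DENYLIST.items() for cidr in cidrs]

# Constructed sample of centralized VPN log records, already GeoIP-enriched.
SAMPLE_EVENTS = [
    {"user": "alice", "src_ip": "2001:db8::10", "country": "NO", "result": "success"},
    {"user": "bob", "src_ip": "192.0.2.77", "country": "NO", "result": "success"},
    {"user": "carol", "src_ip": "198.51.100.9", "country": "US", "result": "failure"},
    {"user": "dave", "src_ip": "203.0.113.200", "country": "BR", "result": "success"},
    {"user": "erin", "src_ip": "not-an-ip", "country": "SE", "result": "failure"},
]

def evaluate(event):
    """Return the policy reasons for rejecting or alerting on one login event."""
    try:
        addr = ipaddress.ip_address(event["src_ip"])
    except ValueError:
        return ["unparseable_source_ip"]  # fail closed on malformed records
    reasons = []
    if event.get("country") not in ALLOWED_COUNTRIES:
        reasons.append("geo:" + str(event.get("country")))
    for label, net in _NETWORKS:
        if addr.version == net.version and addr in net:
            reasons.append("denylist:" + label)
    return reasons

def review(events):
    """Map each flagged user to its reasons; flagged successful logins are urgent."""
    findings = {}
    for ev in events:
        reasons = evaluate(ev)
        if reasons:
            findings[ev["user"]] = {"reasons": reasons, "urgent": ev["result"] == "success"}
    return findings

if __name__ == "__main__":
    print(review(SAMPLE_EVENTS))
```

The same `evaluate` decision can drive a block rule at the gateway; running it over the central log additionally surfaces logins that succeeded before a rule was in place.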
Similar recommendations to use IPsec instead of other protocols have also been issued in the USA and Great Britain. Various vulnerabilities in SSL VPN implementations, found in products from Cisco, Fortinet, and SonicWall in recent years, have been actively exploited by attackers to breach networks.
For example, in February, Fortinet reported that Chinese hackers used two FortiOS SSL VPN vulnerabilities to compromise organizations, including a military network of the Netherlands. In 2023, Akira ransomware operations exploited an SSL VPN vulnerability in Cisco ASA routers to breach corporate networks, steal data, and encrypt devices.