Kowsik Guruswamy, co-founder and CTO, Mu Dynamics
November 05, 2008
Threat of the month

Attack on IKEv2

What is it?

IPsec-based VPNs secure communication over public network infrastructures for remote workers. Before the VPN can protect the traffic, a precise sequence of complex events must occur: the user is identified and authorized, then a session key is securely negotiated. The final key must only be known to the two involved parties.

How does it work?

The complex protocol that performs these tasks is known as Internet Key Exchange (IKE, currently IKEv2). It derives session keys that permit Internet Protocol traffic (IPv4 or IPv6) to be encrypted.

Should I be worried?

This complexity is real. An unauthenticated attacker could crash strongSwan [open source IPsec-based VPN solution for Linux] using only the first IKEv2 packet.

How can I prevent it?

The best defense is to upgrade to the patched version of strongSwan. All IKEv2 implementations should be subjected to variations on real-world service-level traffic throughout the deployment life cycle, continuously establishing that they tolerate unexpected or invalid inputs without experiencing service degradation or downtime.

From the November 2008 Issue of SCMagazine »
Similar Articles
close

Next Article in Features

Sign up to our newsletters

More in Features

Suspect everything: Advanced threats in the network

Suspect everything: Advanced threats in the network

Are there ways to catch sophisticated malware that hides in trusted processes and services? Deb Radcliff finds out.

Urgent care: Safeguarding data at health care providers

Urgent care: Safeguarding data at health care providers

Health providers have pressing reasons to now embrace security, says INTEGRIS Health's John Delano. Karen Epper Hoffman reports.

Deciphering cloud strategy

Deciphering cloud strategy

There are steps security pros can take to achieve greater peace of mind with cloud implementations, reports Alan Earls.