Here we go again….

If we thought that the recent Fox Kitten APT discovered last month and the news about vulnerable VPNs were the end of the attacks on our VPN (Virtual Private Network) and remote access solutions, then we woke up this week to even worst news….and it’s not CoronaVirus related…. It seems that a new and very dangerous remote code execution vulnerability has been discovered. This vulnerability has apparently been around since the early 2000 and it comes installed on almost all Linux based operating systems. Ok, so one would say – “yes, just another vulnerability…I’ll patch my systems…”, but how do you find all your relevant systems in order to patch them? As opposed to previous vulnerabilities, this recent one, named CVE-2020-8597, effects Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8 — all versions released in the last 17 years, which means it’s one of the worst vulnerabilities issued in recent years. It’s a vulnerability which directly effects our VPN gateways (most of them run on Linux) and remote access solutions. Just to get the feel of why this vulnerability is so serious, here is what has been disclosed on the vulnerability – “…can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them.”[1] This basically means, an attacker can send a malformed EAP packet to your VPN gateway and take control of it, essentially getting the keys to the kingdom. Ok, so we agree it’s serious, now what? One option is to run and patch our VPNs and remote access solutions, which after 3 different attacks, seems like an uphill battle. Another option is to deploy a solution which is not affected by such an attack and can either replace your VPN or can act as a second line of defense to your VPNs. At Safe-T we have you covered with our Zero Trust Network Access (ZTNA) product family, and specifically with Safe-T ZoneZero^TM. Safe-T ZoneZero is based on ZTNA and SDP (Software Defined Perimeter) concepts and is designed to provide secure remote access to corporate resources. ZoneZero is designed to act as a second line of defense after your VPN gateway. It adds a layer of zero trust to your VPN, keeping your users off the network while allowing them to access your business application. All this without changing the user’s behavior. ZoneZero Architecture Acting as a second  line of defense for you VPN, ZoneZero provides two main functions:

1. We pass the function of 2FA from you VPN to ZoneZero – so in case your VPN is attacked and authentication is bypassed, the user will not be able to jump from it into the network, as ZoneZero is the one issuing the second  authentication factor.
2. We break the data tunnel – after successfully authenticating the user (first factor by VPN and second  factor by ZoneZero), the VPN will pass the user traffic to ZoneZero rather than the internal firewall. ZoneZero utilizing Safe-T’s reverse-access technology passes the user’s data packets to the internal firewall. This prevents any user from trying to bypass the VPN and enter the network, and authenticated users are granted application level access, rather being tunneled into the network.

And the best thing is that it is also impervious to the attacks we discussed, since it’s external facing component (those connected to your VPN gateway) does not contain any software which can be compromised by the aid vulnerability, so even if your VPN is attacked, ZoneZero will prevent that attacker from ever reaching the network. So instead of running and trying to figure out how you patch your VPNs or remote access solution, hoping the patch will also prevent future attacks, come speak to us and we can figure out together how best to improve and secure your remote access solution. [1] https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html?m=1