what is the word
Subscribe About Mail us
SciTech News - Major flaw uncovered in Internet security protocol

Major flaw uncovered in Internet security protocol
Finnish researchers at the University of Oulu claimed on Monday to have exposed a serious deficiency in the Internet Security Association and Key Management Protocol, or ISAKMP.

This technology is utilized in IPsec virtual private network and firewall products from a variety of networking companies which comprise major players in the market like Cisco Systems and Juniper Networks.

An advisory, released by the British National Infrastructure Security Co-ordination Centre and the Finnish CERT said that the amount of damage likely to be caused varies depending on the software vendor.

According to the advisory, this blotch in the Internet security protocol might lead to denial of service attacks, format string attacks and buffer overflows. Not only that, the flaw could also cause shutting down of devices and sluggish data communication on the Internet. There are believed to be more spiteful consequences like the hackers being able to execute code and hijack a device.

Sponsors
The ISAKMP establishes secure links over the public Internet. This is a very crucial section of IPsec as it encrypts packets and creates safe channel for traffic which travels over the public Internet and into a corporate network.

IPsec is generally used by big corporations who have small branch offices to safely link their branches to the headquarters. Distant employees too make use of this mechanism to gain entry to their companies' internal networks.

Both Cisco and Juniper admitted that some of their products were threatened by the security flaw. Confessing that the fault might lead to denial-of-service attack, Cisco however wasn't sure that it would expose the device to a third party. The San Jose, Calif.-based corporation is giving free software upgrades in an effort to repair the hitch and so has come out with a security advisory.

Among the products having to face with the repercussions comprise Cisco IOS, Cisco PIX Firewall, and Cisco MDS Series SanOS etc.

A Juniper representative informed that they have been aware of the issue from June itself and so the software available after July 28 don't come with the problem. Juniper products affect include all of its M-series, T-series, J-series, JunoSe Security software et al.

The Openswan Project, which is IPsec software used on many Linux products, is also vulnerable to attacks.

Networking gear vendor 3Com mentioned it was still investigating if any of its products have been affected.

IBM and Microsoft informed no damage was done to their products.
Written by : Jun Shen | Published on : 07:21:00 EST Tue, 15 Nov 2005
Of interest »
» Microsoft's Live gamble
» Google lures potential customers
» Symantec report highlights shift in the nature of online criminal activity
» Sprint and Real in Rhapsody partnership
» Internet Wars spurred on by Microsoft declarations.

New News »





Something to say?

Title
Your Name

Your Email


Enter this code Below

  


© 2006 What is the word | All Rights Reserved
RSS Channels » Money | Showbiz | SciTech | Lifestyle | Travel | USWorld