T 3.90 Incorrect administration of VPNs
Incorrect administration of a VPN end point can threaten the availability, confidentiality, and integrity of the networks involved. It therefore poses a risk to secure operation that must not be overlooked.
The following aspects must be taken into account for VPNs, among others:
- Routine security-related tasks are often neglected on VPN clients, for example regular data backups or scans for computer viruses. Mobile VPN clients in particular are carried around by their users and are therefore difficult to reach for system administration. A client can be administered remotely over an open VPN connection, but depending on the usage profile the connection times may be too short for remote maintenance to be carried out properly. If administrative tasks are not performed regularly, the result is inconsistent client configurations that drift from the intended state.
- Computers can be administered remotely with common software products, and to some extent with the mechanisms of the operating system itself. The use of unauthorised software (by the user or the administrator) can result in unauthorised protocols being carried over the VPN connection, or in new security gaps caused by insecure settings.
- Encrypted data cannot be scanned by computer virus protection programs while it is encrypted; malicious code can only be detected where the data is available in plain text, on the client or behind the gateway. If the concepts for encrypting the data and for protecting against malicious code are not co-ordinated, there is a high risk of computer viruses, Trojan horses, or worms being introduced via the VPN client and causing damage in the network.
- VPN clients are often operated in insecure environments, where the exchange of data media, for example, is practically impossible to control, so computer viruses and other malicious code pose a particularly high threat. If no up-to-date computer virus protection program is installed on the VPN client, the risk of introducing computer viruses, Trojan horses, or worms into the LAN through the VPN client is especially high.
- If bandwidth-intensive functions are executed over VPN connections, there is a risk that a user cancels the VPN connection and establishes a new one because they assume a malfunction has occurred. In most cases the real reason is an unacceptably long response time caused by insufficient bandwidth. This can result in inconsistencies in the application data on the one hand and in additional load on the VPN on the other.
- Since VPNs become highly complex once they reach a certain size and structure, configuration errors can lead to insecure or incorrect settings. The risk is especially high when administrators have not been adequately trained in the technologies and products used. Configuration errors can range from missing security settings to incompatible communication protocols, and their consequences vary just as widely: required connections may be impossible to establish, or third parties may be able to connect to the VPN gateway without authorisation.
Every modification of the security settings by untrained administrators, and every extension of access rights (see T 3.16 Incorrect administration of site and data access rights), can impair overall security. Configuration changes made on VPN end points are often neither backed up nor documented. If the components subsequently fail, it is impossible to determine the last changes made, which is necessary to restore the system successfully. A poor operating concept or inadequately planned maintenance windows can also have a negative impact on the availability of the VPN.
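The two threats described above, missing or weak security settings on the gateway and configuration changes that are neither backed up nor documented, can both be countered with a simple baseline check and a change record. The following is an added example, not part of the original catalogue entry and not the configuration syntax of any particular VPN product: the configuration is modelled as a plain dictionary with assumed key names (ike_version, peer_id_restriction, management_access and so on), and both sample configurations are constructed for illustration. The weak configuration shows the kind of settings that let unauthorised parties reach the gateway; the corrected one passes the baseline, and the change record captures who changed what so the last changes can be reconstructed after a failure.

```python
"""Audit a VPN gateway configuration against a minimal baseline and record changes.

Added example. The configuration format, key names and baseline values are
assumptions for illustration, not a specific product's syntax or policy.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample: an IKE/IPsec gateway with typical misconfigurations.
WEAK_CONFIG = {
    "ike_version": 1,
    "ike_mode": "aggressive",
    "authentication": "psk",
    "psk_min_length": 8,
    "encryption": "3des",
    "integrity": "md5",
    "dh_group": 2,
    "peer_id_restriction": "any",      # any peer identity is accepted
    "rekey_seconds": 0,                # rekeying disabled
    "management_access": "any",        # admin interface reachable from anywhere
}

# Constructed sample: the same gateway after the settings were corrected.
HARDENED_CONFIG = {
    "ike_version": 2,
    "ike_mode": "main",
    "authentication": "certificate",
    "encryption": "aes256-gcm",
    "integrity": "sha256",
    "dh_group": 14,
    "peer_id_restriction": "configured_peers",
    "rekey_seconds": 3600,
    "management_access": "admin_net",
}

WEAK_ENCRYPTION = {"null", "des", "3des"}
WEAK_INTEGRITY = {"none", "md5", "sha1"}
# A setting that is absent falls back to a product default, which is itself an
# undocumented configuration, so every baseline key must be present explicitly.
REQUIRED_KEYS = ("ike_version", "authentication", "encryption", "integrity",
                 "dh_group", "peer_id_restriction", "rekey_seconds",
                 "management_access")


def audit(cfg: dict) -> list:
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    for key in REQUIRED_KEYS:
        if key not in cfg:
            findings.append(f"missing setting: {key}")
    if cfg.get("ike_version", 1) < 2:
        findings.append("IKEv1 in use; IKEv2 expected")
    if cfg.get("ike_mode") == "aggressive" and cfg.get("authentication") == "psk":
        findings.append("IKEv1 aggressive mode with PSK: identity and PSK hash exposed to offline guessing")
    if cfg.get("authentication") == "psk" and cfg.get("psk_min_length", 0) < 20:
        findings.append("PSK authentication with short keys; certificates or long random PSKs expected")
    if cfg.get("encryption") in WEAK_ENCRYPTION:
        findings.append(f"weak encryption: {cfg.get('encryption')}")
    if cfg.get("integrity") in WEAK_INTEGRITY:
        findings.append(f"weak integrity algorithm: {cfg.get('integrity')}")
    if cfg.get("dh_group", 0) < 14:
        findings.append("DH group below 14 (2048-bit MODP)")
    if cfg.get("peer_id_restriction") == "any":
        findings.append("any peer identity accepted: unauthorised parties can attempt to connect")
    if cfg.get("rekey_seconds", 0) <= 0:
        findings.append("rekeying disabled")
    if cfg.get("management_access") == "any":
        findings.append("management interface reachable from any network")
    return findings


def fingerprint(cfg: dict) -> str:
    """Stable hash of a configuration, used to match a stored backup later."""
    return hashlib.sha256(json.dumps(cfg, sort_keys=True).encode()).hexdigest()


def record_change(before: dict, after: dict, admin: str, reason: str) -> dict:
    """Build a change record: who changed which parameter from what to what,
    plus fingerprints of both states and the findings still open afterwards."""
    changes = {}
    for key in sorted(set(before) | set(after)):
        if before.get(key) != after.get(key):
            changes[key] = {"before": before.get(key), "after": after.get(key)}
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "admin": admin,
        "reason": reason,
        "changes": changes,
        "fingerprint_before": fingerprint(before),
        "fingerprint_after": fingerprint(after),
        "open_findings": audit(after),
    }


if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print("FINDING:", finding)
    record = record_change(WEAK_CONFIG, HARDENED_CONFIG,
                           admin="vpn-admin", reason="baseline remediation")
    print(json.dumps(record, indent=2))
```

Running the audit before a change is committed turns "missing security settings" from a hidden defect into a listed finding, and storing each change record alongside the configuration backup gives the information needed to restore the last known state after a component failure.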
Examples:
- A new administrator who had not yet been trained changed a configuration parameter of the VPN without giving it much thought. This caused a long interruption of the connection shared by a manufacturer and its supplier, which in turn led to a costly production stoppage because urgently needed parts could not be delivered.
- One company used a software management system that regularly installed new software updates on every user's computer. Due to a configuration error, the mobile VPN clients were also included in this procedure. As soon as a connection was established, the management software consumed the entire bandwidth transferring a large update package to the mobile clients.