MHO’s Post

Securing #telecom networks is more challenging than ever in the age of hyper-connectivity. Vertiv NetSure Control Unit offers advanced #security features like HTTPS and SNMPv3 encryption to safeguard sensitive data. Explore how you can enhance security: http://ms.spr.ly/6047YH757

“The vulnerability, identified as CVE-2024-24919, affects software in multiple versions of Check Point's CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. All the affected products are Check Point security gateways with IPsec VPN functionality. Dangerous Vulnerability Check Point has warned of the vulnerability allowing attackers to access sensitive information in the security gateways that, in some instances, could allow them to move laterally on a compromised network and gain domain admin privileges. The security vendor disclosed the vulnerability May 28 — along with a hotfix for it — amid reports of active exploitation attempts. Check Point has identified the exploitation activity as having started in early April, nearly two months before disclosure. Large-Scale Exploitation Attempts The first real exploit attempt originated from a New York-based IP address. By June 5, Greynoise detected as many as 782 IPs from around the world targeting the vulnerability. "With a public proof of concept out, and exploitation quickly ramping up, we recommend patching Check Point as soon as possible," Greynoise advised.” https://lnkd.in/ewy_Y2ad

Exploit activity targeting a recent information disclosure flaw in Check Point's VPN technology has soared in recent days, heightening the need for organizations to address the flaw immediately. The vulnerability, identified as CVE-2024-24919, affects software in multiple versions of Check Point's CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. All the affected products are Check Point security gateways with IPsec VPN functionality. https://lnkd.in/e2Gs4HhU

The key #techforleaders takeaway is that comprehensive #security is critical. Network engineering should "use IPSec or WireGuard to provide authentication and encryption, and only accept tunneling packets from trusted sources." Where do I set that in my home router? 🤔 The hack itself is interesting, too, as it uses packet forwarding, a basic #network function, to access private networks. https://lnkd.in/d5JkCngS

This directive requires network providers to implement best practices for BGP security, including Route Origin Authorization (ROA), Resource Public Key Infrastructure (RPKI), and Route Origin Validation (ROV). These measures ensure the authenticity and integrity of routing information, with the disclosure of implementation status becoming a key factor in purchase agreements and contracts. This approach aims to strengthen BGP security, addressing threats like hijacking and route leaks. In June, the FCC mandated that the nine largest U.S. broadband providers file reports on their BGP security plans. Currently, about 70% of BGP route originations are ROA-valid, showing progress but highlighting the need for further adoption. The directive is expected to encourage wider use of these protocols to build a more secure and resilient internet infrastructure.

By 2025, 70% of remote access deployments will be via Zero Trust Network Access technology instead of Virtual Private Networks (VPNs),* as enterprises look to upgrade their security. With VPNs, once a user is verified, they can get broad access to the network, which can be risky in case of a breach. ZTNA works on the basis of ‘never trust, always verify’. Users are continuously authenticated and only get access to the specific applications they need, reducing the potential attack surface. Learn about how ZTNA is the future of secure access http://arw.li/6042ots9o *Market Guide for Zero Trust Network Access: http://arw.li/6048otsiE

An excellent article explaining how #IPsec works, covering its details from top to bottom. #IPsec #Internet #Protocol #Security

Is your Wi-fi network opening your organisation up to security risks; Is Wi-Fi configuration left at a default setting; Is performance an issue? In the third of the 7-part series of Enterprise Wi-Fi Myths, our Wi-Fi expert Mark Rigby helps us understand why ‘default configuration’ is not always the best choice and provides some simple quick wins to creating a better performing, more secure Wi-Fi network. https://lnkd.in/gNzGwgYf #wifiwins #improvingconnectivity

Understanding Virtual Private Networks (VPNs) for Enhanced Security: VPN: A Comprehensive Overview In the digital age, understanding Virtual Private Networks (VPNs) is essential for navigating the online landscape securely. A VPN is a sophisticated technology designed to establish a secure connection over potentially insecure networks, such as the Internet, by creating a private network within a public one. How VPNs Operate Here’s a... #VelocityITBlog

Default Wi-Fi settings are costing enterprises 40% in lost performance. Check out Mark Rigby's insightful post helping companies understand why 'default configuration' is not always the best choice! #NetworkSecurity #EnterpriseIT