VPNs are often advertised as gatekeepers to your online security while you browse the Internet. But what happens when the concierge gets you robbed? The Fortinet Leak is one of the many incidents which reminds you that subscribing to a VPN is not enough.
87,000 Fortinet users learned this lesson the hard way, but this incident is a reminder to consider other online security tools along with a VPN.
Let’s look at the Fortinet leak in detail and the points to take away from this incident.
What Was the Fortinet Leak?
Fortinet, a leading name in network security, faced a massive shocker when the confidential credentials of more than 87,000 of its users got leaked on the Dark Web. The leak was due to the exploitation of a two-year-old vulnerability known as CVE-2018-13379. These vulnerabilities are one of the most exploited loopholes, according to the FBI and CISA.
The vulnerability was known to Fortinet, and it even warned its users to update their VPN applications to patch CVE-2018-13379. According to the VPN Client, most victims did not update their VPN applications or those that did not change their passwords after an update. Hackers leaked the victims’ user IDs and passwords on the Dark Web, after which Fortinet confirmed the leak in their blog.
This is what Fortinet had to say after the leak got revealed on the Dark Web, “This incident is related to an old vulnerability resolved in May 2019. At that time, Fortinet issued a PSIRT advisory and communicated directly with customers.”
Since customer security is a top priority, Fortinet has issued multiple corporate blog posts outlining this issue, with an intent to strongly encourage customers to upgrade their impacted devices.
In addition to advisories, and direct communications, these blogs were published in August 2019, July 2020, April 2021, and June 2021.
The products that fell prey to this massive attack included FortiOS 6.0 (6.0.0 to 6.0.4), FortiOS 5.6 (5.6.3 to 5.6.7), and FortiOS 5.4 (5.4.6 to 5.4.12), provided the user had SSL VPN service turned on.
The security vendor posted some of the compromised IPs on GitHub so that the victims could take necessary steps to stop any further damage. Fortinet also released a set of guidelines for the victims of this leak, which are as follows:
- If you use any of the versions mentioned above, you should upgrade to FortiOS 5.4.12, 5.6.8, 6.0.5, 6.2.0, or beyond.
- Please make sure you change your credentials as they can be at risk. By not changing the credentials, you might give the hackers access to your details.
- You should enable Multi-Factor authentication in your VPN application to ensure that no unauthorized person can enter your account.
What to Take Away From the Fortinet Leak?
The VPN vulnerability CVE-2018-13379 was long known to the world, but the attack could not be avoided. The incident makes us ponder our online security choices and gives us an important lesson to not rely on a unidimensional security tool.
VPNs have existed for more than two decades as the proprietary security solution for individual users and businesses; undoubtedly, there has been a rapid increase in sophisticated attacks.
VPNs reroute your information through a secured server, making it hard to attack the end-user, but there’s a downside to this approach. What if the secured server gets attacked? A hacker can access confidential data of every user that used the compromised VPN server, which is somewhat similar to the Fortinet leak.
Even if we keep aside the security risks associated with VPNs, they don’t come up as an optimal security solution in modern times. They are hard to scale, especially when people are adapting to the work-from-home lifestyle. The connection delays associated with VPNs are also huge caveats, especially for industries relying on quick network access.
ZTNA as an Alternative to VPNs
ZTNA (Zero Trust Network Access) comes up as a much better solution for online security than a conventional VPN, given its multi-dimensional protection capabilities. You can imagine ZTNA as a set of multiple gatekeepers taking care of your online security in an endeavour to avoid threats bypassing the network security. ZTNA works on trusting no one and authenticating every network request based on both internal and external demands.
A conventional security solution like a VPN grants complete access to all the resources once a request gets verified. This practice increases the risk of resource exploitation, as sophisticated programs are capable of bypassing single authentications. On the other hand, ZTNA makes sure that every connection request is verified and contained in a secure bubble. This safe and secure bubble only includes resources that the connection initially demanded, ensuring no resource exploitation takes place.
ZTNAs come with the feature to monitor user behaviour and deduce common trends from it. These trends serve as raw data for the data analysts as well as helps in pointing out erratic behaviour.
Advanced ZTNA solutions can accurately alarm you about threats by analyzing user behaviour. Moreover, there has been a rapid shift over to Cloud-based solutions and accessing different networks for ensuring proper functioning of enterprises.
Legacy VPNs can’t cope with such a vast increase in potential threat entry points, but a dynamic solution like ZTNA can quickly secure all the entry points.
Here are a few benefits that ZTNA brings with itself:
- The possibility of a threat going undetected is highly diminished as ZTNA makes sure every connection request gets monitored thoroughly. Even the internal demands are not barred from the authentication process to ensure air-tight security.
- You can expect your security solution to pack all the latest and advanced protection tools as ZTNA brings in features like multi-factor authentication, least privilege access, and user behaviour monitoring.
- You will be notified immediately if a threat tries to enter your secure server. Thanks to the AI-based real-time monitoring associated with ZTNA.
- Security remains at the core of business practice as ZTNA ensures a 360-degree approach using multi-dimensional security standards.
The SDP (Software-Defined Perimeter) in a ZTNA network ensures a secure and protected connection between the user and the resources they request. The technology acts as an intermediate between the user and the company’s resources. This ensures the connection is secure irrespective of access locations.
There are quite a few benefits to using SDPs. Let’s look at a few of the significant advantages:
- Extensible and scalable: SDPs are perfect for all modern requirements like Cloud-based services. You can integrate SDPs with internal operational systems and their security parameters within the network.
- Adaptive: SDPs quickly adapt to the changes in the network demands. The changes are real-time, considering the AI-based real-time monitoring capabilities.
- User-centric: SDPs authenticate every user before granting resources according to the user-initiated requests. SDPs log in crucial user information such as user behaviour, permissions, location, and more.
- Granularity: SDPs are highly granular in the way they function. The users are only granted resources they need while being in a secure bubble that ensures a protected connection. This level of granularity is essential to restrict any unauthorized access to your network.
The recent Fortinet Leak is a clear warning that a unidimensional protection tool is just not enough. If you are a Fortinet Leak victim, make sure to follow the guidelines mentioned in the article. With that said, it is essential to consider better and more efficient security like ZTNA. The dynamic nature of ZTNA makes it perfect for the modern-day scenario.