This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Virtually Private Networks
Is Secure Remote Access like the emperor's new clothes?
Enterprise businesses equip staff with mobile devices such as laptops and smart phones to perform daily tasks. This makes the workforce much more mobile but places an implicit burden on the staff to ensure that they are always on-line. Security is handled by the underlying operating system and supporting solutions, for example a Secure Remote Access solution or "VPN".
Endpoint VPN technology has been around since at least 1996 when Microsoft created the Peer to Peer Tunneling Protocol (PPTP). OpenVPN and similar open source VPN technologies have advanced this tech from highly specialized to near commodity.
A robust VPN implementation should not allow a user to interact with a network resource that bypasses the secure tunnel. What then happens in the time between connecting to the Wi-Fi hotspot and activating the tunnel? How vulnerable is the user during this time? Surely the Wi-Fi hotspot securely isolates guests and surely the local firewall on the laptop will protect the user from any attacker, but does this assumption hold even if the hotspot is fully under the control of an attacker?
In this presentation, we will reveal research we conducted into the efficacy of modern commercial "VPN" solutions in the face of modern mobile worker use cases, typical endpoint technologies, and contemporary threat models.
In short: How "secure" can remote access ever be?
Charl van der Walt
Charl van der Walt was a Co-Founder of SensePost - a penetration testing company that has made a mark on the industry globally for two decades now. With the acquisition of SensePost by European giant Orange Cyberdefense, he now acts Head of Security Research where he leads a specialist security research unit that identifies, tracks, analyzes and communicates significant developments in the security landscape that may impact customers. Charl and his team are globally recognized and frequently showcased at international security events such as Black Hat, RSA & BSides. Our access to authentic security data as an operator, and our deep focus on intelligence and research, place us in a unique position to understand and comment on the fundamental dynamics of the security landscape.
Wicus Ross is Senior Researcher at Security Research Center for Orange Cyberdefense. He is tasked with investigating industry events and trends, with the single purpose of understanding how these may affect business. Wicus uses his understanding and knowledge to advise customers and threat detection/hunting teams on the appropriate response given the threat or trend.
VP of Cybersecurity Engineering
Matt Cauthorn oversees the ExtraHop Networks Security Sales Engineering and enjoys studying the intersection of business and technology. Prior to ExtraHop, Matt was a Sales Engineering Manager at F5. He's a passionate technologist and evangelist. He holds an MBA from Georgia State University and a Bachelor of Science degree from the University of Florida.