During the early stages of the pandemic, a client reached us asking about their VPN security. As security professionals, we always do our due diligence and shout “its not secure!!”. Is that what we say by default, as security professionals? While it’s true, some of us get a bit dramatic about it.
Working remotely is the new norm and the quickest security fix that companies use is the VPN services. Without the VPN, the employees will not be able to access company resources. While this is a good measure, like any security measures, it is not 100% secure. In fact, it can even give you a false sense of security.
After following the scope discussions, NDA, and other requirements, we took on the assignment to test the client’s VPN security. The client was using Fortinet SSL VPN v6.0.2, which is from Fortigate, is recognized globally, so you think it must be secure right?