USNCVA - Now Read This

NOW READ THIS
("Security Advisory")

Go Back

Submitted by: Bill Hickey
NCVA List Master

NRT-0090 VISTA's use of Teredo is potentially insecure:

Security firm Symantec says Windows VISTA's use of the IP tunneling protocol TEREDO is potentially insecure. Microsoft is using TEREDO to enable a transition from IPv4 to IPv6. According to Symantec Security Security Response, the introduction of TEREDO could allow attacks to circumvent or bypass a firewall. If attacks on a system are tunneled, they will be invisible to intrusion detection systems. "Any security device needs to be aware of TEREDO in order to look into it and analyze traffic traveling over it," a Symantec official said. He added, "For enterprises, this presents, obviously, a serious concern. Attackers can, for one, tunnel through perimeter devices without being seen and tunnel attacks over [TEREDO] without being seen by perimeter devices." Symantec expects most enterprises to disable TEREDO, though Symantec found in testing that TEREDO is easily activated when a VISTA application attempts to use IPv6.

(eWeek.com 16MAR07)

Last Modified: Friday, 23-Mar-2007 17:48:40 EST

NOW READ THIS ("Security Advisory")

NRT-0090 VISTA's use of Teredo is potentially insecure:

NOW READ THIS
("Security Advisory")