Apani Networks VPN Clients Not Impacted by New ISAKMP Vulnerability
BREA. Calif. – November 17, 2005 – Apani Networks, the leading enterprise network security software provider focused on securing inside the network perimeter, today addressed a new vulnerability in the Internet Security Association and Key Management Protocol (ISAKMP) used in IPSec VPNs and firewall products produced by a number of networking hardware companies which could open enterprise networks to denial-of-service attacks and other security breaches. Apani reports that the company’s VPN client products are not affected by this new vulnerability even though Apani’s VPN clients use ISAKMP to communicate with each other.
According to an advisory from the British National Infrastructure Security Co-ordination Centre and the Finnish CERT, the vulnerability’s severity varies by software vendor and is restricted to servers. Apani VPN customers should consult the server-device provider for recommended actions and patches.
The ISAKMP provides associations for security protocols and helps to establish secure links over the Internet. Since IPSec encrypts packets and creates secure tunnels for traffic traveling over the public Internet and into corporate network environments, ISAKMP plays a key role in helping remote access users securely connect to their company’s corporate networks. The new security flaw could create DoS conditions, slow data traffic over the Internet or gain control over a network device to render it unusable.
Apani Networks has an installed base of Multi-OS VPN clients rich with features that allow clients to seamlessly interoperate with leading VPN gateways for effective IPsec-protected secure remote access. Apani’s family of VPN clients enables users to establish secure encrypted tunnels from a client computer to Contivity VPN switches to encrypt and authenticate IP-based communications from public or private networks.
About Apani Networks
Established in 2003, Apani Networks is the leading enterprise network security software provider focused on securing inside the network perimeter. EpiForce, the company’s flagship product, provides a transparent security layer for networked applications by encrypting data in motion, enforcing machine-level access control and centrally managing security policy relationships. Apani enables corporate IT managers to quickly, automatically and cost effectively lock down their networks, while providing the security and audit trail necessary to demonstrate compliance to the wide range of regulations that affect enterprises today. For more information, visit www.apani.com.