1

Let's assume there is a service provider that hosts some services behind a firewall. Two different companies connect to the network of the service provider via VPN. (To use the services that aren't accessible via internet) Each company has its own VPN tunnel. Can Company A read/redirect/mitm the traffic of company B?

I know that the tunnels themselves are secure. What happens if both connections terminate in the network of the service provider? Is there a security risk? What are the attack vectors or security risks?

auspicious99
  • 493
  • 3
  • 17
firendlyQuestion
  • 31
  • 2
  • What is your model of the VPN? It is provided by the "service provider" as a VPN service to each company? Seems unusual. – auspicious99 Apr 30 '20 at 17:39
  • The "service provider" doesn't offer a VPN service. It offers other services which are behinde a firewall and not public accessible. If a company wants to use the services it connects with a site to site vpn to the network which contains the services. So do multiple other companies. Is there a security risk if the services use e.g. Http instead of https? Can company A man in the middle attack company B? – firendlyQuestion Apr 30 '20 at 17:51

2 Answers2

1

Can Company A read/redirect/mitm the traffic of company B?

Not on a professional VPN service. Secure network configuration is a basic property of those services. So I believe that any reputable VPN service will configure their networks in a way that this attack is not possible.

What happens if both connections terminate in the network of the service provider?

On a minimally well configured network? Nothing interesting happens. The VPN server will be configured with interface isolation, user isolation, guest isolation, or something like this, depending on the vendor. That means that any traffic coming from the guest can only be sent to the gateway, not to other addresses on the same network. And the gateway is configured to not route packets from the internal network to another address on the internal network.

Is there a security risk? What are the attack vectors or security risks?

The main security risk is a misconfiguration somehow. But a reputable VPN provider will mostly sure have Change Management Process in place to take care of that.

So there's no risk? There's always a risk when you don't control all your infrastructure. But the risk is lower than it seems. Take into account that your own employees can mismanage things, allow external access to internal servers, leak credentials, so nothing is 100% secure.

ThoriumBR
  • 50,648
  • 13
  • 127
  • 142
0

Each VPN connection involves the main risk that both company A and company B are trusting the service provider, the service provider is also trusting them.

Ideally there will be a firewall ruleset at the service provider that restricts the network / application access that each company has in the service provider's network and allows nothing more. I would assume it should not allow any communication between the two companies. Additionally the service provider might have a separate dedicated network for each customer, further isolating the traffic. The risks that are possible are any that could happen on any network - clients infected with malware, malicious attackers scanning for vulnerabilities, and so on. Most are minimised by restricting network access and ideally using network segmentation.

A MITM attack would not be the first I would think of, as I would assume the VPN traffic is allowed for connections from company A to the service provider only, but the traffic would have to come in the other direction for such interception (company B sends connections to the malicious company A proxy)

Ter9
  • 121
  • 3