Cyber-criminals are always evolving their attack methods to beat even the strongest security measures. Privacy and security researcher Samy Kamkar recently demonstrated a new way for bad actors to strike, reporting the findings last weekend. With the latest technique, called NAT Slipstreaming, attackers can bypass an organization’s firewall altogether and remotely access its TCP/UDP services.
Organizations should pay close attention to this new method of attack and take immediate action to protect themselves.
What Is NAT Slipstreaming and How Does It Work?
First, it’s important to understand what NAT Slipstreaming is and how it works. Network Address Translation (NAT) is the process by which a network device or firewall translates one IP address into another while the data is in transit. This limits the number of public IP addresses an organization uses in its network, which is often advantageous from a security standpoint.
You can read the full description of the NAT Slipstreaming attack here.
How Can You Protect Against it?
Organizations can protect themselves against remote NAT Slipstreaming by disabling the Application Level Gateway (ALG). If your organization requires ALG or wants to ensure it is protected against other zero-day exploits, it is important to properly leverage Layer 7 application inspection, SSL decryption, and your PKI environment to greatly reduce the size of your attack surface.
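One way to check the "disable ALG" step on a Linux-based NAT gateway, as an added example that is not from the original article or from Vandis: the script lists loaded netfilter ALG helper modules and emits modprobe.d lines that keep them from loading again. It assumes a Linux gateway using netfilter connection tracking; the function names and the sample module list are constructed for illustration, and commercial firewalls expose ALG settings through their own configuration.

```shell
#!/bin/sh
# Added example: find netfilter ALG helper modules loaded on a Linux NAT gateway.
# Assumption: input is in /proc/modules format (module name in the first field).
# On a live gateway: audit_alg < /proc/modules

# conntrack/NAT helper pairs that implement ALGs in the Linux kernel.
ALG_PATTERN='^nf_(conntrack|nat)_(sip|h323|ftp|irc|tftp|pptp|amanda)$'

# Print the loaded ALG helper modules, one per line, sorted.
list_alg_helpers() {
    awk -v pat="$ALG_PATTERN" '$1 ~ pat { print $1 }' | LC_ALL=C sort
}

# Return 0 when no ALG helper is loaded, 1 (with a report) otherwise.
audit_alg() {
    found=$(list_alg_helpers)
    if [ -z "$found" ]; then
        echo "OK: no ALG helper modules loaded"
        return 0
    fi
    echo "ALG helper modules loaded:"
    printf '%s\n' "$found" | sed 's/^/  /'
    return 1
}

# Emit modprobe.d lines that stop the helpers found on stdin from loading again.
modprobe_block_lines() {
    list_alg_helpers | sed 's|.*|install & /bin/false|'
}

# Constructed sample of /proc/modules from a gateway with the SIP ALG active.
sample_modules() {
    cat <<'EOF'
nf_nat_sip 20480 0 - Live 0x0000000000000000
nf_conntrack_sip 40960 1 nf_nat_sip, Live 0x0000000000000000
nf_nat 49152 1 nf_nat_sip, Live 0x0000000000000000
nf_conntrack 172032 3 nf_nat_sip,nf_conntrack_sip,nf_nat, Live 0x0000000000000000
ext4 929792 1 - Live 0x0000000000000000
EOF
}

sample_modules | audit_alg || true
sample_modules | modprobe_block_lines
```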
Vandis can help secure your organization against attacks including NAT Slipstreaming by providing guidance on best practices for PKI implementations, SSL decryption, and Layer 7 application-based policies. To get started with a free, no-obligation conversation, reach out to firstname.lastname@example.org or 516-281-2200.