Companies rush to review VPN security
Businesses may be prompted to review the security features of their corporate VPN connection in the wake of the largest credit card theft in US history.
At the US district court in Boston, Albert Gonzalez, a 28-year-old college dropout from Florida, has just pleaded guilty on two charges of conspiracy to gain unauthorised access to payment card networks, reports AFP.
Working alongside two Russian accomplices, who remain at large, he is believed to have helped steal more than 130 million credit and debit card numbers.
Mr Gonzalez ’s extensive knowledge of different types of computer network, such as the popular VPN connection, was used to obtain details from over 250 high-profile companies including convenience store chain 7-Eleven and card payment processor Heartland Payment Systems.
Now that he has pleaded guilty, Mr Gonzalez will have to wait till March 2010 to learn his punishment.
The two judges responsible for sentencing are expected to order that he serves between 17 and 25 years in prison.
Reuters reports that US district judge Douglas Woodlock told him in court: “You face a considerable amount of time in jail as a result of your plea. All aspects of your life are to be affected.”
Last month, security specialist Tufin Technologies gave several pieces of advice concerning how to protect a corporate VPN connection.
It suggested that companies maintained a log of all failed attempts to access the VPN connection and firewall.
Moreover, businesses were encouraged to restrict access only to certain IP addresses and regularly test their systems.