IVPN infrastructure security audit concluded

IVPN News By Nick Pestell | Posted on March 15, 2023

We’re pleased to announce that an independent security audit of the new IVPN gateway infrastructure has concluded.

We recently decided it was necessary to upgrade our VPN gateway servers to a major new OS version which included many configuration changes. This provided a good opportunity to audit the new servers in our testing environment before deploying them to production for customer use.

Audit results

Two senior members of the Cure53 team conducted the audit over 6 days in February 2023. The audit was divided into two work packages:

  1. Penetration tests and configuration review of the VPN gateway server.
  2. Source code-assisted penetration tests against the VPN server OS and OS setup.

A white-box approach was used whereby the auditors had access to our public and private Github code repositories and a dedicated test environment. No access to production VPN servers or infrastructure was granted to members of the Cure53 team.

A total of 3 security vulnerabilities and 5 miscellaneous issues were discovered (1 medium, 6 low, 1 info). All issues have been remediated. As a result we are now planning the upgrade of our infrastructure with the new configuration. We have made the Cure53 report available for those interested in the details. For transparency we decided to publish the full report with only potentially sensitive information removed (internal hostnames etc).

Commitments going forward

We believe that extensive regular audits are necessary to ensure our customer’s security and continued trust. We continue to commit to an annual security audit where we will focus on those parts of our infrastructure and apps that we believe to be the most critical.

IVPN Team

Audit Security
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

IVPN infrastructure is ready for 5th annual security audit IVPN News

IVPN infrastructure is ready for 5th annual security audit

Posted on December 28, 2022 by Nick Pestell

In-line with our commitment to perform an annual security audit of IVPN systems, we have commissioned the independent security auditing organisation Cure53 to conduct a security audit at the end of February 2023. We aim to publish the results of the audit no later than April 2023.
IVPN apps security audit for 2022 concluded IVPN News

IVPN apps security audit for 2022 concluded

Posted on April 6, 2022 by Nick Pestell

We’re pleased to announce that an independent security audit of the IVPN apps conducted by Cure53 has concluded. Since our last audit 12 months ago we have made significant updates to apps on all platforms and judged that a new audit with similar scope is necessary this year.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.