Attacking VPN's

Preview:

Click to see full reader

Citation preview

VPN penetration testingBy

Abdul Adil

Who am i?

• Web application & Network pentester • Malware reverse engineering• Regular to Null Hyderabad chapter • Email: Abdul.Adil@connectica.in • Website: Connectica.in• Twitter:@AbdulAdil02

Agenda

• What & Why VPN?• Types of VPN• VPN Internals• VPN issues• Demo• Questionnaire?

What & Why VPN?

• VPN stands for “Virtual private network”.• It extends a private network across a public network (internet).• It establishes a virtual point-to-point connection.• Connection is encrypted!.

Scenario of VPN usage

Type of VPN protocol

• PPTP• IPSec• SSL VPN• Hybrid VPN

Types of VPN protocol• PPTP(Point to point tunneling protocol): This is the most common and widely used

VPN protocol. They enable authorized remote users to connect to the VPN network using their existing Internet connection and then log on to the VPN using password authentication.

• IPSec: Trusted protocol which sets up a tunnel from the remote site into your central site. As the name suggests, it’s designed for IP traffic. IPSec requires expensive, time consuming client installations and this can be considered an important disadvantage.

VPN protocol & types

•SSL VPN:SSL or Secure Socket Layer is a VPN accessible via https over web browser. SSL creates a secure session from your PC browser to the application server you’re accessing. The major advantage of SSL is that it doesn’t need any software installed because it uses the web browser as the client application.

•Hybrid VPN: It combines the features of SSL and IPSec & also other types of VPN types. Hybrid VPN servers are able to accept connections from multiple types of VPN clients. They offer higher flexibility at both client and server levels and bound to be expensive.

VPN Internals

VPN Traffic

VPN appliance and applications

VPN Appliance

VPN application

VPN issues

• Some of the protocols provide weak encryptions.• Vulnerable to brute force attacks as there is only one DES 56bit key to

crack.• RC4 cipher which is used for encryption does not doesn’t helps us

with the integrity of the data.• If not configure properly it can lead to leakage of data over

network(Port fail vulnerability).

Twitter:@AbdulAdil02 Email:Abdul.Adil@connectica.in

mailto:Abdul.Adil@connectica.in

Thanks to Null Hyderabad.

Recommended

Attacking HTML5
Technology
Attacking Access Control
Documents
Snail Attacking rides
Business
Attacking SMS
Documents
Attacking distributed systems
Education
Attacking a castle
Documents
Attacking Web Applications
Technology
Attacking Web Proxies
Technology
AWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
Technology
Attacking MD5
Documents
Attacking the Recession
Documents
Attacking Mazatzal
Documents
Attacking Android Applications
Documents
Attacking Chess
Documents
Attacking BaseStations
Documents
ATTACKING SCENARIO
Documents
Attacking SAP Mobile
Software
Attacking market leaders
Education
Attacking Childhood Obesity
Health & Medicine
Attacking 3G
Documents