Firewall Wizards mailing list archives

Re: VPNmadness gets more support;

From: "Kevin Sheldrake" <kev () electriccat co uk>
Date: Fri, 04 Feb 2005 13:05:10 -0000

That article reads like a lot of FUD IMHO.

According to the NTA Monitor article, the attacks centred around usernameenumeration, password hash capturing through use of Aggressive Mode andoff-line password cracking.

I don't doubt that a badly configured VPN is insecure (use of the Nullencryption algorithm springs to mind) and that statistics can claim howmany are probably insecure, but I do think that the focus is incorrectlydirected at the VPN technology and not at theusers/admins/consultants/whoever.

Use certificates. Don't use Aggressive Mode. Patch the software. Don'tspread FUD unless you have too. ;)

Kev


We asked about a year and a half ago <maybe two years ago even...>  a
number of folks on and off this list if our prediction that the use of

VPN's resulted in our suspected hypothoses that 75% or more of all theVPN

solutions in place actually did little or nothing to protect assests for
those employing them, well, the precentage we claimed at the time should
perhaps be boosted to 90%+ now eh:


February 01, vnunet.com - Virtual private networks (VPNs) are often the
weakest security link, study says. A three-year research project by

securityfirm NTA Monitor has concluded that nine out of 10 virtualprivatenetworks(VPNs) have exploitable vulnerabilities. Most of the companiesthat

had their VPNs tested as part of the project thought that they were
invulnerableto hackers, but researchers found the same types of flaw
repeated across the whole product range. The report stated that, in some
cases, VPNs were actually the weakest security link in an organization.
The most widespread flaw involved the hacking of user names. Other
vulnerabilities center around password cracking.
Report: http://www.nta-monitor.com/news/vpn-flaws/index.htm
Source: http://www.vnunet.com/news/1160912

Thanks,


Ron DuFresne




--
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Cheltenham) Ltd

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

VPNmadness gets more support; R. DuFresne (Feb 03)
- Re: VPNmadness gets more support; Kevin Sheldrake (Feb 05)
  - Re: VPNmadness gets more support; R. DuFresne (Feb 05)
- Re: VPNmadness gets more support; Dave Piscitello (Feb 11)
  - Re: VPNmadness gets more support; R. DuFresne (Feb 11)
    - RE: VPNmadness gets more support; Tina Bird (Feb 12)
    - A few sql 2000 related questions Mike LeBlanc (Feb 12)
    - RE: A few sql 2000 related questions Paul Melson (Feb 14)
  - Re: VPNmadness gets more support; Paul D. Robertson (Feb 11)
    - Re: VPNmadness gets more support; Frederick M Avolio (Feb 12)
    - Re: VPNmadness gets more support; Steven M. Bellovin (Feb 14)
    - Re: VPNmadness gets more support; ArkanoiD (Feb 14)

(Thread continues...)