Re: VPN hijacking

["Laumann, Dave" <dlaumann () SUNTZU NET>]

good point, however i've seen many vpn software clients that do not offer
that option or the option is not enabled for whatever reasons -may be
disabled by user, company may want dual traffic vpn and non-vpn, etc. then,
there are hardware vpns that protect segments. these are vulnerable to a
wider range of attacks.

to answer the original question, yes we have seen cases where vpns have been
piggy backed (not hijacked) to gain unauthorized access. in one instance an
admin's home network was compromised, then eventually the vpn was piggy
backed to access the organization. i also know of an organization that for
reasons refuses to allow user authentication. vpns are only as good as the
implementation. there are so many ways to implement a vpn, it's such a
generic term. any solution should be based on standards based encryption
that has been independently reviewed. multi factor authentication should be
used. ah tunnel or esp tunnel should be used when possible. logging must be
used and reviewed. hardening of the endpoint should be considered. policy
has to be implemented. etc...

in addition to piggy back attacks, what about the data that is transferred
back over the vpn. will that data reside on the endpoint? how sensitive is
it? for how long? how is it protected? who owns the endpoint, the
corporation, the user, or? etc...

-dave

[snip]
> However in defense of this kind of attack, most VPN clients include
> a 'blocking' mode that will not allow any other traffic to the
> client while the VPN is active.
[snip]
> Regards,
>
> -john
[snip]
> > Did any of you come across an incident of VPN hijacking?
> > Theoretically, if I
> > use an unprotected client to access the VPN, if someone
> > hacks into my client
> > PC, he can hijack the session. Did this ever happen ?
> >
> > Thanks,
> >
> > Ishai Wertheimer