Penetration Testing mailing list archives
RE: pen test VPN
From: "Aleksander P. Czarnowski" <alekc () avet com pl>
Date: Tue, 26 Feb 2002 10:30:53 +0100
We all know that VPN does nothing more then encrypt Data. We need to make sure that the data being transfered to our interal networks is actually Good Data.
It is also very important to identify all points where encrypted data is being decrypted and how it is transmitted later. I've seen dozens of very expensive VPN installations where architecture design was flawed and encrypted data was also transmitted in open form. Running snort in sniffer mode (or any other sniffer) can be very helpful to discover such things. Also check for vulnerabilities specific for your VPN platform. Regards, Alex Czarnowski AVET INS ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- pen test VPN Carl Bysen (Feb 25)
- Re: pen test VPN Jose Nazario (Feb 26)
- Re: pen test VPN Mark Rowe (Feb 27)
- <Possible follow-ups>
- pen test VPN cdowns (Feb 25)
- RE: pen test VPN DABDELMO (Feb 25)
- RE: pen test VPN Eric Hines (Feb 26)
- RE: pen test VPN Aleksander P. Czarnowski (Feb 26)