Penetration Testing mailing list archives

RE: pen test VPN

From: DABDELMO () bouyguestelecom fr
Date: Mon, 25 Feb 2002 15:55:19 +0100

It perfectly makes sense to pen-test VPN access. Traffic may eventually be
encrypted, and then confidential datas going over untrusted network could
not be sniffed. But beyond that a VPN gateway is often a direct entry point
to the internal network. Starting from here, all of your security relies on
the the authentication used by the VPN gateway. If this one is not good
enough, you might be in trouble. This is where the VPN pen-testing come. As
for tools I don't really know any specific one. To me the steps for
pen-testing would be quite classical, identifying the type of VPN that can
be done with gateway (ie IKE/IPSec, PPTP, L2TP/IPSec...), finding what is
exactly the type of the VPN gateway, then do specific vulnerability research
on this gateway type, and start with the associated VPN client. Indeed
various things can be done as a start depending of the solution, for example
with Checkpoint VPN-1, you should be able to get the topology file...
BR

David

-----Message d'origine-----
De:   Carl Bysen [SMTP:crbyme () writeme com]
Date: samedi 23 février 2002 17:25
À:    pen-test () securityfocus com
Objet:        pen test VPN

Hi,

what can be done to pen test a VPN setup? Which tools are available,
additionally does it make sense to pen-test a VPN setup (traffic is
encrypted)?


Regards,
--egonle
-- 

_______________________________________________

Sign-up for your own FREE Personalized E-mail at Mail.com

http://www.mail.com/?sr=signup





1 cent a minute calls anywhere in the U.S.!



http://www.getpennytalk.com/cgi-bin/adforward.cgi?p_key=RG9853KJ&url=http:
//www.getpennytalk.com





--------------------------------------------------------------------------
--
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

pen test VPN Carl Bysen (Feb 25)
- Re: pen test VPN Jose Nazario (Feb 26)
- Re: pen test VPN Mark Rowe (Feb 27)
- <Possible follow-ups>
- pen test VPN cdowns (Feb 25)
- RE: pen test VPN DABDELMO (Feb 25)
  - RE: pen test VPN Eric Hines (Feb 26)
- RE: pen test VPN Aleksander P. Czarnowski (Feb 26)