Penetration Testing mailing list archives

RE: pen test VPN

From: "Aleksander P. Czarnowski" <alekc () avet com pl>
Date: Tue, 26 Feb 2002 10:30:53 +0100

We all know that VPN does nothing more then encrypt Data.
We need to make sure that the data being transfered to our 
interal networks is actually Good Data.

It is also very important to identify all points where encrypted data is
being decrypted and how it is transmitted later. I've seen dozens of
very expensive VPN installations where architecture design was flawed
and encrypted data was also transmitted in open form. Running snort in
sniffer mode (or any other sniffer) can be very helpful to discover such
things. Also check for vulnerabilities specific for your VPN platform. 
Regards,
Alex Czarnowski
AVET INS          

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

pen test VPN Carl Bysen (Feb 25)
- Re: pen test VPN Jose Nazario (Feb 26)
- Re: pen test VPN Mark Rowe (Feb 27)
- <Possible follow-ups>
- pen test VPN cdowns (Feb 25)
- RE: pen test VPN DABDELMO (Feb 25)
  - RE: pen test VPN Eric Hines (Feb 26)
- RE: pen test VPN Aleksander P. Czarnowski (Feb 26)