Penetration Testing mailing list archives
Re: Testing two bank laptops. winxp vpn client
From: Skip Carter <skip () taygeta com>
Date: Fri, 24 Feb 2006 07:31:13 -0800
If you used X509 certificate based VPN authentication, then you could revoke the certificates as soon as the laptop is reported stolen and keep the thieves out. Its trickier to set up, but its definiately worth doing it in order to mitigate this risk. On Monday 13 February 2006 05:01, Rony Romero wrote:
Depending the VPN Concentrator you can disable the save password options on it. Regards, Rony----- Original Message ----- From: "Bob WIlliams" <sopiaz57 () gmail com> To: <pen-test () securityfocus com> Sent: Sunday, February 12, 2006 9:33 AM Subject: Testing two bank laptops. winxp vpn client Hey All, I have a client who wants two bank laptops tested. I want to do some reasearch on a fix for a problem I know they are vulnerable too. They use the WIN xp VPN client which saves the password, giving someone who steals the laptop an easy way into the corporate network. Does anyone know how I can disable this feature so employees cant save the password?
-- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Network Security Services email: skip () taygeta net 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.net/ Monterey, CA. 93940 ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Testing two bank laptops. winxp vpn client Bob WIlliams (Feb 12)
- Re: Testing two bank laptops. winxp vpn client Thor (Hammer of God) (Feb 12)
- Re: Testing two bank laptops. winxp vpn client Rony Romero (Feb 13)
- Re: Testing two bank laptops. winxp vpn client Skip Carter (Feb 24)
- Re: Testing two bank laptops. winxp vpn client Rony Romero (Feb 13)
- RE: Testing two bank laptops. winxp vpn client jeremiah (Feb 12)
- Re: Testing two bank laptops. winxp vpn client Thor (Hammer of God) (Feb 12)
- Re: Testing two bank laptops. winxp vpn client lion nagar (Feb 12)
- Re: Testing two bank laptops. winxp vpn client Thor (Hammer of God) (Feb 12)