VPN AND SECURITY FLAWS

Rajesh Perumal

Clemson University

VPN – AN ATTRACTIVE TARGET

VPNs carry sensitive information

Remote access VPNs expose the entire internal network

Intrusion Detection Systems cannot monitor VPN traffic

Increased security of Internet servers makes the VPN a tempting target

VPN FLAWS

Insecure storage of authentication credentials by VPN clients

Username enumeration vulnerabilities

Offline password cracking

Man in the Middle attacks

Lack of account lockout

Poor default configurations

Poor guidance and documentation

Insecure storage of Authentication credentials by VPN Clients

Storing the username unencrypted in a file or the registry

Storing password in scrambled form or obfuscated form

Physical memory dumps can reveal plain text passwords

Caching credentials

Username Enumeration Vulnerabilities

IKE Aggressive Mode with PSK will prompt or give the hacker a clue when the login name is incorrect, so the hacker can deduce the correct usernames.

Offline Password Cracking

The hash function is easy to obtain.

The responder hash is obtained.

A dictionary attack on the password will reveal it in a feasible amount of time.

Man in the Middle Attacks

By installing a packet sniffing system between the VPN client and server, we can sniff clear-text usernames, and the password can be cracked from the 1st and 2nd packets of the IKE Aggressive Mode exchange.

The sniffing system (SS) acts as a server for the client and as a client for the server. SS can get passwords, usernames and the ISAKMP message from the client and issue its own ISAKMP message. Similarly, the sniffer can send its own ISAKMP message, since the username and password are known.

Poor Guidance and Documentation

The end user is not provided with proper documentation and is not well informed enough to make proper decisions.

The user goes with default settings and default encryption.

CONCLUSION

Of remote access VPN systems, 90% have had significant security issues.

The cryptographic techniques adopted are strong, but vulnerabilities are due to poor configuration.

Well-accepted security practices are not adopted.

Information leakage about valid usernames is prevented in the OS but not in the VPN.

Users choose the default configuration on the basis of ease of use rather than security, e.g. IKE Aggressive Mode with PSK authentication.

Users do not know the severity of bad configuration options.

Proper testing is needed. Tools like "ike-scan" should help in testing the VPN.
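
The configuration weakness named in the conclusion (IKE Aggressive Mode combined with PSK authentication) can also be checked from the gateway's own configuration. The following is an added example, not part of the original slides: it assumes strongSwan's legacy ipsec.conf syntax (the `aggressive` and `authby` options, `conn %default` inheritance), does not follow `also=` references, and runs on a constructed sample file.

```python
# Added example: flag ipsec.conf connections using IKE Aggressive Mode with PSK.
# Assumption: strongSwan legacy ipsec.conf syntax; SAMPLE_CONF is constructed.
PSK_AUTH = {"secret", "psk", "xauthpsk"}  # authby values backed by a pre-shared key

SAMPLE_CONF = """\
conn %default
    keyexchange=ikev1
    authby=secret

conn roadwarrior          # inherits PSK auth from %default
    aggressive=yes

conn site-to-site
    aggressive=no

conn cert-users
    authby=pubkey
    aggressive=yes
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header starts at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().lower()
    return conns

def find_aggressive_psk(text):
    """Names of connections that enable Aggressive Mode together with PSK auth."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    flagged = []
    for name, opts in conns.items():
        eff = {**defaults, **opts}                # per-conn options override %default
        if eff.get("aggressive") == "yes" and eff.get("authby", "pubkey") in PSK_AUTH:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in find_aggressive_psk(SAMPLE_CONF):
        print(f"WEAK: conn {name} uses IKE Aggressive Mode with PSK")
```

Only `roadwarrior` is reported for the sample: it inherits PSK authentication from `%default`, which a check of the connection's own lines alone would miss.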