Re: [fw-wiz] VPNmadness gets more support;

From: Kevin Sheldrake (
Date: 02/04/05

  • Next message: R. DuFresne: "Re: [fw-wiz] VPNmadness gets more support;"
    To: "R. DuFresne" <>, "''" <>
    Date: Fri, 04 Feb 2005 13:05:10 -0000

    That article reads like a lot of FUD IMHO.

    According to the NTA Monitor article, the attacks centred around username
    enumeration, password hash capturing through use of Aggressive Mode and
    off-line password cracking.

    I don't doubt that a badly configured VPN is insecure (use of the Null
    encryption algorithm springs to mind) and that statistics can claim how
    many are probably insecure, but I do think that the focus is incorrectly
    directed at the VPN technology and not at the

    Use certificates. Don't use Aggressive Mode. Patch the software. Don't
    spread FUD unless you have too. ;)


    > We asked about a year and a half ago <maybe two years ago even...> a
    > number of folks on and off this list if our prediction that the use of
    > VPN's resulted in our suspected hypothoses that 75% or more of all the
    > VPN
    > solutions in place actually did little or nothing to protect assests for
    > those employing them, well, the precentage we claimed at the time should
    > perhaps be boosted to 90%+ now eh:
    > February 01, - Virtual private networks (VPNs) are often the
    > weakest security link, study says. A three-year research project by
    > securityfirm NTA Monitor has concluded that nine out of 10 virtual
    > private
    > networks(VPNs) have exploitable vulnerabilities. Most of the companies
    > that
    > had their VPNs tested as part of the project thought that they were
    > invulnerableto hackers, but researchers found the same types of flaw
    > repeated across the whole product range. The report stated that, in some
    > cases, VPNs were actually the weakest security link in an organization.
    > The most widespread flaw involved the hacking of user names. Other
    > vulnerabilities center around password cracking.
    > Report:
    > Source:
    > Thanks,
    > Ron DuFresne

    Kevin Sheldrake MEng MIEE CEng CISSP
    Electric Cat (Cheltenham) Ltd
    firewall-wizards mailing list

  • Next message: R. DuFresne: "Re: [fw-wiz] VPNmadness gets more support;"