Re: [fw-wiz] VPNmadness gets more support;

From: Kevin Sheldrake (kev_at_electriccat.co.uk)
Date: 02/04/05

  • Next message: R. DuFresne: "Re: [fw-wiz] VPNmadness gets more support;"
    To: "R. DuFresne" <dufresne@sysinfo.com>, "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 04 Feb 2005 13:05:10 -0000
    
    

    That article reads like a lot of FUD IMHO.

    According to the NTA Monitor article, the attacks centred around username
    enumeration, password hash capturing through use of Aggressive Mode and
    off-line password cracking.

    I don't doubt that a badly configured VPN is insecure (use of the Null
    encryption algorithm springs to mind) and that statistics can claim how
    many are probably insecure, but I do think that the focus is incorrectly
    directed at the VPN technology and not at the
    users/admins/consultants/whoever.

    Use certificates. Don't use Aggressive Mode. Patch the software. Don't
    spread FUD unless you have to. ;)

    Kev

    >
    > We asked about a year and a half ago <maybe two years ago even...> a
    > number of folks on and off this list if our prediction that the use of
    > VPNs resulted in our suspected hypothesis that 75% or more of all the VPN
    > solutions in place actually did little or nothing to protect assets for
    > those employing them, well, the percentage we claimed at the time should
    > perhaps be boosted to 90%+ now eh:
    >
    >
    > February 01, vnunet.com - Virtual private networks (VPNs) are often the
    > weakest security link, study says. A three-year research project by
    > security firm NTA Monitor has concluded that nine out of 10 virtual
    > private networks (VPNs) have exploitable vulnerabilities. Most of the
    > companies that had their VPNs tested as part of the project thought that
    > they were invulnerable to hackers, but researchers found the same types
    > of flaw repeated across the whole product range. The report stated that,
    > in some cases, VPNs were actually the weakest security link in an
    > organization. The most widespread flaw involved the hacking of user
    > names. Other vulnerabilities center around password cracking.
    > Report: http://www.nta-monitor.com/news/vpn-flaws/index.htm
    > Source: http://www.vnunet.com/news/1160912
    >
    > Thanks,
    >
    >
    > Ron DuFresne

    -- 
    Kevin Sheldrake MEng MIEE CEng CISSP
    Electric Cat (Cheltenham) Ltd
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
