SSL VPNs and OpenVPN – Part II


2. Why OpenVPN

Here, in this article, I will lay down the emphasis on one important Open-Source SSL VPN software written by James Yonan and contributed by several others, which proposes security without the inherent complexity of IPsec AND using a trusted design of client component and VPN server.

Usually VPNs require end points which are trusted. The server and client are machines with elevated levels of trust as VPN components are installed on known machines which participate in corporate network according to security policy. Additionally, it is made sure that authentication credentials are pre-installed (in a secure way) on both of these devices so that each endpoint could authenticate each other.

SSL Remote Access connections nee. SSL Gateway clients, allow users to connect to VPN servers irrespective of the machine. The client can be any machine in cybercafe or public terminal. This brings us to two severe security issues. One, we break the trust model. The server and client no longer share the authentication credentials using secure channel.

Two, users connect from machines that are not subject to corporate security policies. Even if the user manages to start SSL session with SSL gateways, they are doing all their input and output on an unknown insecure machines that might as well be worm clearinghouses.

The propensity of a public machine loaded with keystroke loggers and remote management tools that allow the attacker to sniff passwords and collect session data is very high. Untrusted Clientless VPNs on an arbitrary machine is the weakest link in a security chain.
OpenVPN adheres to secure computing practices with a software component installed on the endpoints.

From the OpenVPN website:

“OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface.
OpenVPN is not a web application proxy and does not operate through a web browser.”

Another reason: OpenVPN is FREE. And works on Linux like OS’s AND Windows.

Next: we will learn how to implement a VPN Tunnel using OpenVPN.

Read on in Part III

Previously:
1. SSL VPNs and Using OpenVPN : What is an SSL VPN

Posted in: Linux Hacking, Networking Hacking, Security Software

, , , , , ,


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


Comments are closed.