SSL VPNs and OpenVPN – Part II


2. Why OpenVPN

Here, in this article, I will lay down the emphasis on one important Open-Source SSL VPN software written by James Yonan and contributed by several others, which proposes security without the inherent complexity of IPsec AND using a trusted design of client component and VPN server.

Usually VPNs require end points which are trusted. The server and client are machines with elevated levels of trust as VPN components are installed on known machines which participate in corporate network according to security policy. Additionally, it is made sure that authentication credentials are pre-installed (in a secure way) on both of these devices so that each endpoint could authenticate each other.

SSL Remote Access connections nee. SSL Gateway clients, allow users to connect to VPN servers irrespective of the machine. The client can be any machine in cybercafe or public terminal. This brings us to two severe security issues. One, we break the trust model. The server and client no longer share the authentication credentials using secure channel.

Two, users connect from machines that are not subject to corporate security policies. Even if the user manages to start SSL session with SSL gateways, they are doing all their input and output on an unknown insecure machines that might as well be worm clearinghouses.

The propensity of a public machine loaded with keystroke loggers and remote management tools that allow the attacker to sniff passwords and collect session data is very high. Untrusted Clientless VPNs on an arbitrary machine is the weakest link in a security chain.
OpenVPN adheres to secure computing practices with a software component installed on the endpoints.

From the OpenVPN website:

“OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface.
OpenVPN is not a web application proxy and does not operate through a web browser.”

Another reason: OpenVPN is FREE. And works on Linux like OS’s AND Windows.

Next: we will learn how to implement a VPN Tunnel using OpenVPN.

Read on in Part III

Previously:
1. SSL VPNs and Using OpenVPN : What is an SSL VPN

Posted in: Linux Hacking, Networking Hacking, Security Software

, , , , , ,


Latest Posts:


LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.


Comments are closed.