SSL VPNs and OpenVPN – Part II

The New Acunetix V12 Engine


2. Why OpenVPN

Here, in this article, I will lay down the emphasis on one important Open-Source SSL VPN software written by James Yonan and contributed by several others, which proposes security without the inherent complexity of IPsec AND using a trusted design of client component and VPN server.

Usually VPNs require end points which are trusted. The server and client are machines with elevated levels of trust as VPN components are installed on known machines which participate in corporate network according to security policy. Additionally, it is made sure that authentication credentials are pre-installed (in a secure way) on both of these devices so that each endpoint could authenticate each other.

SSL Remote Access connections nee. SSL Gateway clients, allow users to connect to VPN servers irrespective of the machine. The client can be any machine in cybercafe or public terminal. This brings us to two severe security issues. One, we break the trust model. The server and client no longer share the authentication credentials using secure channel.

Two, users connect from machines that are not subject to corporate security policies. Even if the user manages to start SSL session with SSL gateways, they are doing all their input and output on an unknown insecure machines that might as well be worm clearinghouses.

The propensity of a public machine loaded with keystroke loggers and remote management tools that allow the attacker to sniff passwords and collect session data is very high. Untrusted Clientless VPNs on an arbitrary machine is the weakest link in a security chain.
OpenVPN adheres to secure computing practices with a software component installed on the endpoints.

From the OpenVPN website:

“OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface.
OpenVPN is not a web application proxy and does not operate through a web browser.”

Another reason: OpenVPN is FREE. And works on Linux like OS’s AND Windows.

Next: we will learn how to implement a VPN Tunnel using OpenVPN.

Read on in Part III

Previously:
1. SSL VPNs and Using OpenVPN : What is an SSL VPN

Posted in: Linux Hacking, Networking Hacking, Security Software

, , , , , ,


Latest Posts:


dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.


Comments are closed.