Penetration Testing

Mobile Workforce

more details...

Governance & Compliance

more details...

Training & Consultancy

Training Services

more details...

Home / Tools & Resources

25
Jan 05

Common VPN Security Flaws

Author: Roy Hills

Key Findings:

90% of remote access VPN systems have exploitable vulnerabilities
New security flaws - Username Enumeration Vulnerabilities
Lack of best security practice

Over a three-year period of testing VPNs, NTA Monitor has discovered that 90% of remote access VPN systems have exploitable vulnerabilities. The tests were mainly carried out for large organisations, including financial institutions that had their own in-house security teams. The common belief is that VPN systems are invulnerable, when in fact they are frequently the weak link in an otherwise secure system.

UDP Backoff Whitepaper

Author: Roy Hills

This paper discusses how it is possible to determine which implementation of a UDP service is being used from the retransmission backoff pattern. It uses IKE (Internet Key Exchange) as an example UDP service which can be identified in this way, although the technique may also be applicable to other UDP services. The paper also describes an example program called "ike-scan" which is able to discover and identify IPsec VPN systems running IKE. This program is publicly available under the GNU Public License (GPL).

Latest News

New version of network scanning tool arp-scan released

Assess risk to manage effects of budget cuts

Tests show rise in number of vulnerabilities affecting web applications with SQL Injection and XSS most common flaws

Basic security threats not changed in 15 years

Insider threat grows as new wave of job cuts loom

01234

I wish to highlight the outstanding work that your consultant undertook whilst doing the ICT Health Check for the Council.

View all Testimonials

Particularly notable was the level of technical knowledge displayed by NTA’s consultants, and we were also impressed that they were willing to share this knowledge with the network team.

View all Testimonials

We have found NTA to be an excellent supplier, offering a very good service at a competitive price. A key differentiator is that they are happy to answer any questions...

View all Testimonials

I have found NTA to be an approachable knowledgeable partner, and have no hesitation in recommending their services.

View all Testimonials

The NTA testing programme was a success on all fronts.

View all Testimonials

The quality of both the initial work and follow-up advice and guidance was excellent, and NTA provided full lifecycle support to the development and delivery of our Online Services portfolio.

View all Testimonials

On one occasion our third-party did not believe the vulnerability was an issue - having had their software tested by another well-known security testing company - and NTA Monitor were...

View all Testimonials

NTA Monitor are very supportive, especially regarding general questions about Information Security issues such as hacking and vulnerabilities.

View all Testimonials

NTA Monitor has been a trusted supplier for a number of years and we have found them to be approachable, helpful and understanding of our needs relating to information security.

View all Testimonials