The document discusses network security topics including VPN services and VLANs. It provides information on VPN types (IPSec and SSL VPNs), operating modes, and pentesting techniques. It compares VPNs to Tor and explains how VLANs partition broadcast domains at the data link layer for improved scalability, security and congestion control.
The document discusses network security topics including VPN services and VLANs. It provides information on VPN types (IPSec and SSL VPNs), operating modes, and pentesting techniques. It compares VPNs to Tor and explains how VLANs partition broadcast domains at the data link layer for improved scalability, security and congestion control.
The document discusses network security topics including VPN services and VLANs. It provides information on VPN types (IPSec and SSL VPNs), operating modes, and pentesting techniques. It compares VPNs to Tor and explains how VLANs partition broadcast domains at the data link layer for improved scalability, security and congestion control.
The document discusses network security topics including VPN services and VLANs. It provides information on VPN types (IPSec and SSL VPNs), operating modes, and pentesting techniques. It compares VPNs to Tor and explains how VLANs partition broadcast domains at the data link layer for improved scalability, security and congestion control.
Security VPN Services and VLAN • Introduction to VPN • VPN types and operating modes Unit 7 • VPN Pentesting • VPN vs Tor VPN Services & • VLAN
VLAN
2 Virtual Private Network
● Technology used to transfer private data over public network
● Gives user similar experience as working from office ● Separation of traffic or encryption for security
Two Types:
● Clear Text VPNs
VPN ○ MPLS - L2VPN, L3VPN, VPLS ○ PPTP, L2F, L2TP
● Secure VPNs ○ IPSec ○ SSL IPSec VPN
Protect IP packets exchanged between remote networks or hosts and
an IPsec gateway located at the edge of your private network.
VPN
SSL VPN Securely connect a user's application session to services inside a protected network. Provides secure communication across Internet/ Public Network
- Integrity - Authentication - No encryption 1. Tunnel Modes - Original IP Header is encrypted - Encapsulated with new IP Header
->
2. Transport Modes IPSec VPN Modes - Original IP Header is retained
-> ● Negotiation is done for multiple parameters like encryption and authentication.
● Happens in two distinct phases:
○ Phase 1: ■ Setup secure encrypted channel for phase 2 ■ If phase 1 fails, phase cannot initiate ■ Two peers exchange credentials, identify each other, and find common Phase 1 settings. IPSec VPN Negotiations ■ Protocol is called ISAKMP (Internet Security Association and Key Management Protocol) ■ Items setup in transform are: ● Authentication: SHA1, SHA2, or MD5 ● Encryption: DES, 3DES, or AES ● SA Life: Time until the Phase 1 Security Association expires ● Key Group: The Diffie-Hellman key group ○ Phase 2: ■ Agree on set of parameters: ● What type of traffic can go through ● How to encrypt ● How to authenticate ■ Commonly known as Security Association ■ Phase 2 include following things: ● Use Phase 1 SA ● Exchange Phase 2 identifiers:. That includes ○ Which IP addresses behind local device can send IPSec VPN Negotiations traffic over VPN ○ Which IP addresses behind remote device can send traffic over VPN ○ Specified as Network address or range of IP address. Also called as tunnel route. ● Agreement on proposal for: ○ Type: AH or ESP ○ Authentication ○ Encryption ○ Force Key Expiration IPSec VPN Packet Tracer
● ACL access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
crypto map IPSEC-MAP 10 ipsec-isakmp set peer <peer router IP address> set pfs group5 set security-association lifetime seconds 86400 set transform-set RouterX->RouterY
● Apply crypto map on interface
crypto map IPSEC-MAP ISAKMP/ IKE use two methods of key exchange:
● Main mode: Encrypted hash of the pre shared key
● Aggressive mode: Fast but no encryption of hash
Setting up IKEv2 VPN Server with Strongswan that allows IPSec
This indicates that the target is not an IPSec gateway.
VPN Pentesting: IPSec 0 returned handshake; 1 returned notify
This indicates that although a VPN gateway is present, none of the VPNs transforms provided to it by ike-scan are acceptable.
1 returned handshake; 0 returned notify
Indicates that the target is configured for IPSec and will perform an IKE negotiation against one or more of the transforms that have been provided to it. 2. Fingerprinting VPN gateways If establish a handshake with the VPN gateway, you can conduct the fingerprinting of the device to return the following information:
● vendor/manufacturer and model
● software version ● Firewall if any
VPN Pentesting: IPSec
VPNs 3. Finding vulnerabilities associated with the VPN vendor or related products. ike-scan tool can be used to push a VPN gateway into aggressive mode.
ike-scan –pskcrack –aggressive –id=peer <target>
VPN Pentesting: IPSec
VPNs 4. Capturing preshared keys, and PSK cracking ike-scan -M -A -Ppsk-hash -d <target>
5. Checking for default user accounts.
VPN gateways usually contain default user accounts at the time of installation. These may not be changed by the administrator. SSL VPNs: ● Operates at layer 4-7 ● Connect user to specific app or service ● Best for email, file sharing, browser based app ● Gateway is deployed behind the firewall
IPSec VPNs: ● Operates at layer 3 ● Connect remote host to entire network IPSec vs SSL VPN ● Support all IP based applications ● Gateway usually implemented on the firewall
Key difference is the endpoints in both VPNs.
What if attacker gets the access of VPN (SSL and IPSec)?
● SSL VPN depends on TLS ● Incorporated in most of the browser ● Check-list for SSL VPN includes ○ Key exchange algo ○ Authentication algo ○ Ciphers ○ Message auth algo ○ TLS version
SSL VPN Pentesting
- VPN providers can see traffic but not in Tor - VPN cost money - Performance of VPN is high - Tor used to access dark web
Best way to achieve anonymity:
Tor ---> VPN
VPN v/s Tor Not the other way round, as tor exit node may be blocked by the website. A broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2)
