
Network Basics and Network Security

Unit 7: VPN Services & VLAN

• Introduction to VPN
• VPN types and operating modes
• VPN Pentesting
• VPN vs Tor
• VLAN
Virtual Private Network

● Technology used to transfer private data over a public network
● Gives the user a similar experience to working from the office
● Separation of traffic or encryption for security

Two types:

● Clear-text VPNs
  ○ MPLS - L2VPN, L3VPN, VPLS
  ○ PPTP, L2F, L2TP
● Secure VPNs
  ○ IPSec
  ○ SSL
IPSec VPN
Protects IP packets exchanged between remote networks or hosts and an IPsec gateway located at the edge of your private network.

SSL VPN
Securely connects a user's application session to services inside a protected network.

Provides secure communication across the Internet / public network:

● Encryption
● Payload verification
● Authentication

IPSec Protocols

1. Encapsulating Security Payload (ESP, IP protocol 50)
   - Integrity
   - Authentication
   - Encryption

2. Authentication Header (AH, IP protocol 51)
   - Integrity
   - Authentication
   - No encryption
IPSec VPN Modes

1. Tunnel mode
   - Original IP header is encrypted
   - Encapsulated with a new IP header

2. Transport mode
   - Original IP header is retained
IPSec VPN Negotiations

● Negotiation is done for multiple parameters, such as encryption and authentication.
● It happens in two distinct phases:
  ○ Phase 1:
    ■ Sets up a secure encrypted channel for Phase 2
    ■ If Phase 1 fails, Phase 2 cannot initiate
    ■ The two peers exchange credentials, identify each other, and find common Phase 1 settings
    ■ The protocol is called ISAKMP (Internet Security Association and Key Management Protocol)
    ■ Items set up in the transform are:
      ● Authentication: SHA1, SHA2, or MD5
      ● Encryption: DES, 3DES, or AES
      ● SA Life: time until the Phase 1 Security Association expires
      ● Key Group: the Diffie-Hellman key group
  ○ Phase 2:
    ■ Agree on a set of parameters:
      ● What type of traffic can go through
      ● How to encrypt
      ● How to authenticate
    ■ Commonly known as the Security Association
    ■ Phase 2 includes the following:
      ● Use the Phase 1 SA
      ● Exchange Phase 2 identifiers, which include:
        ○ Which IP addresses behind the local device can send traffic over the VPN
        ○ Which IP addresses behind the remote device can send traffic over the VPN
        ○ Specified as a network address or range of IP addresses; also called the tunnel route
      ● Agreement on a proposal for:
        ○ Type: AH or ESP
        ○ Authentication
        ○ Encryption
        ○ Force Key Expiration
IPSec VPN Packet Tracer

● ACL (selects the traffic to be protected)
  access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

● ISAKMP policy (Phase 1)
  crypto isakmp policy 10
   encryption aes 256
   authentication pre-share
   group 5

● ISAKMP key
  crypto isakmp key secretkey address <wan int of other n/w>

● IPSec transform-set (Phase 2)
  crypto ipsec transform-set RouterX->RouterY esp-aes 256 esp-sha-hmac

● Crypto map (tie it together)
  crypto map IPSEC-MAP 10 ipsec-isakmp
   set peer <peer router IP address>
   set pfs group5
   set security-association lifetime seconds 86400
   set transform-set RouterX->RouterY
   match address 100
  (match address binds ACL 100 to the crypto map; the slide omitted it, and without it no traffic is selected for the tunnel)

● Apply crypto map on the WAN interface
  interface <wan interface>
   crypto map IPSEC-MAP
ISAKMP/IKE uses two methods of key exchange:

● Main mode: encrypted hash of the pre-shared key
● Aggressive mode: fast, but no encryption of the hash

VPN Steps

Setting up an IKEv2 VPN server with strongSwan that allows IPSec tunneling between client and server:

Other popular VPNs:
- Proton VPN
- Express VPN
- Nord VPN

Vulnerable VPNs:
SHODAN.io

VPN Pentesting: IPSec VPNs

1. Scanning the VPN gateway
2. Fingerprinting VPN gateways (determine vendor and configuration details)
3. Finding vulnerabilities associated with the VPN vendor or related products
4. Capturing pre-shared keys, and PSK cracking (offline)
5. Checking for default user accounts


1. Scanning the VPN gateway

ike-scan -M <Target IP>

0 returned handshake; 0 returned notify
This indicates that the target is not an IPSec gateway.

0 returned handshake; 1 returned notify
This indicates that although a VPN gateway is present, none of the transforms provided to it by ike-scan are acceptable.

1 returned handshake; 0 returned notify
This indicates that the target is configured for IPSec and will perform an IKE negotiation against one or more of the transforms that have been provided to it.
2. Fingerprinting VPN gateways

If you establish a handshake with the VPN gateway, you can fingerprint the device to return the following information:

● Vendor/manufacturer and model
● Software version
● Firewall, if any
3. Finding vulnerabilities associated with the VPN vendor or related products

The ike-scan tool can be used to push a VPN gateway into aggressive mode:

ike-scan --pskcrack --aggressive --id=peer <target>

4. Capturing pre-shared keys, and PSK cracking

ike-scan -M -A -Ppsk-hash -d <target>
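The Main mode / Aggressive mode distinction above (hash protected vs. hash sent in the clear, which is what the PSK capture in step 4 relies on) is visible passively in IKE traffic on UDP/500. The following is an added defender-side example, not code from the slides: it parses the fixed ISAKMP header and the generic payload chain (RFC 2408 layout) and flags an IKEv1 Aggressive Mode reply that carries a cleartext HASH payload; the sample datagrams are constructed inline, and the payload bodies are dummy bytes.

```python
import struct
# IKEv1 exchange types (RFC 2408) and the payload types the walker labels.
EXCHANGE_TYPES = {2: "Main Mode", 4: "Aggressive Mode", 34: "IKEv2 IKE_SA_INIT"}
PAYLOAD_NAMES = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 13: "VID"}
HEADER_LEN = 28  # fixed ISAKMP header size

def parse_isakmp(data):
    """Parse the ISAKMP header and walk the generic payload chain that follows it."""
    if len(data) < HEADER_LEN:
        raise ValueError("too short for an ISAKMP header")
    _ispi, rspi, next_p, version, exch, _flags, _msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:HEADER_LEN])
    if length != len(data):
        raise ValueError("header length does not match datagram size")
    payloads, offset = [], HEADER_LEN
    while next_p != 0:  # each payload: next type (1), reserved (1), length (2), body
        if offset + 4 > len(data):
            raise ValueError("truncated payload header")
        nxt, _res, plen = struct.unpack("!BBH", data[offset:offset + 4])
        if plen < 4 or offset + plen > len(data):
            raise ValueError("bad payload length")
        payloads.append(PAYLOAD_NAMES.get(next_p, "type%d" % next_p))
        offset, next_p = offset + plen, nxt
    return {"major": version >> 4, "exchange": exch,
            "from_responder": rspi != b"\x00" * 8, "payloads": payloads}

def assess(data):
    """Classify one IKE datagram: a responder's Aggressive Mode reply exposes the PSK hash."""
    p = parse_isakmp(data)
    if p["major"] == 1 and p["exchange"] == 4:
        if p["from_responder"] and "HASH" in p["payloads"]:
            return "ALERT: IKEv1 Aggressive Mode reply carries a cleartext HASH (PSK hash exposed)"
        return "WARN: IKEv1 Aggressive Mode in use"
    return "OK: " + EXCHANGE_TYPES.get(p["exchange"], "exchange type %d" % p["exchange"])

def build_packet(exch, payload_types, rspi=b"\x00" * 8):
    """Constructed test datagram: each payload is a 4-byte generic header plus 4 dummy bytes."""
    body = b""
    for i, _ptype in enumerate(payload_types):
        nxt = payload_types[i + 1] if i + 1 < len(payload_types) else 0
        body += struct.pack("!BBH", nxt, 0, 8) + b"\x00" * 4
    first = payload_types[0] if payload_types else 0
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, rspi, first, 0x10, exch, 0, 0,
                      HEADER_LEN + len(body))
    return hdr + body

# Constructed samples: an Aggressive Mode reply (SA, KE, NONCE, ID, HASH) and a Main Mode request.
AGGRESSIVE_REPLY = build_packet(4, [1, 4, 10, 5, 8], rspi=b"\x22" * 8)
MAIN_MODE_REQUEST = build_packet(2, [1, 13])
```

Feeding captured UDP/500 payloads to assess() (for NAT-T on UDP/4500 strip the 4-byte non-ESP marker first) gives a simple detector for gateways still answering Aggressive Mode.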

5. Checking for default user accounts

VPN gateways usually contain default user accounts at the time of installation. These may not be changed by the administrator.
IPSec vs SSL VPN

SSL VPNs:
● Operate at layers 4-7
● Connect the user to a specific app or service
● Best for email, file sharing, and browser-based apps
● Gateway is deployed behind the firewall

IPSec VPNs:
● Operate at layer 3
● Connect the remote host to the entire network
● Support all IP-based applications
● Gateway usually implemented on the firewall

The key difference is the endpoints in the two VPNs.

What if an attacker gets access to the VPN (SSL or IPSec)?


SSL VPN Pentesting

● SSL VPN depends on TLS
● Incorporated in most browsers
● The checklist for SSL VPN includes:
  ○ Key exchange algorithm
  ○ Authentication algorithm
  ○ Ciphers
  ○ Message authentication algorithm
  ○ TLS version


VPN v/s Tor

- VPN providers can see your traffic, but in Tor they cannot
- VPNs cost money
- VPN performance is high
- Tor is used to access the dark web

Best way to achieve anonymity:

Tor ---> VPN

Not the other way round, as a Tor exit node may be blocked by the website.
Virtual LAN

A broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).

Addresses issues such as:

● Scalability
● Security
● Network congestion

Lab:

Setting up a VLAN in Cisco Packet Tracer
Thank you
