Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Tester claims 90% of VPNs open to hackers

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Tester claims 90% of VPNs open to hackers
Date: Tue, 8 Feb 2005 02:54:44 -0600 (CST) 
http://www.computerweekly.com/articles/article.asp?liArticleID=136571

By Antony Savvas 
8 February 2005 

Security testing company NTA Monitor has claimed that 90% of virtual
private networks are open to hackers.

Over a three-year period of testing VPNs at large companies, NTA
Monitor said 90% of remote access VPN systems have exploitable
vulnerabilities, even though many companies, including financial
institutions, have in-house security teams.

Flaws include "user name enumeration vulnerabilities" that allow user
names to be guessed through a dictionary attack because they respond
differently to valid and invalid user names.

Roy Hills, NTA Monitor technical director, said, "One of the basic
requirements of a user name/password authentication is that an
incorrect log-in attempt should not leak information as to whether the
user name or password is incorrect. However, many VPN implementations
ignore this rule."

The fact that VPN user names are often based on people's names or
e-mail addresses makes it relatively easy for an attacker to use a
dictionary attack to recover a number of valid user names in a short
period of time, said Hills.

Passwords can also be made harder to crack by deploying a mixture of
characters and numbers. Hills said a six-character password can be
cracked in about 16 minutes using standard "brute force" cracking
software. However, a six-character password combining letters and
numbers could take two days to crack.



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Tester claims 90% of VPNs open to hackers, InfoSec News <=
Previous by Date:  [ISN] Bush backs boost for cybersecurity, InfoSec News
Next by Date:  [ISN] Webroot Software Resigns from COAST, InfoSec News
Previous by Thread:  [ISN] Bush backs boost for cybersecurity, InfoSec News
Next by Thread:  [ISN] Webroot Software Resigns from COAST, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]