Network Security Security-Basics

Re: How safe is a VPN connexion from within an internal network?

Subject: Re: How safe is a VPN connexion from within an internal network?
Date: Mon, 27 Nov 2006 00:30:42 -0500
Peter Fuggle wrote:


> You are right that "split tunneling" does not guarantee that the
> remote network offering the VPN connectivity is safe from a
> compromised client. Generally the client will be allocated an address
> on the remote LAN - that's usually the point of establishing the
> tunnel is it not? Now sure, the vpn client software can ensure that
> the client can only make connections through the tunnel and not to
> other devices on the local LAN or out to the internet. But depending

I disagree entirely with this assertion. It's not possible to guarantee
that a piece of software even has the ability to prevent non-VPN
connections even under perfect conditions. It is after all nothing but
another piece of software. And remember that within context we're
talking about a possibly compromised machine which could have a
buggered up copy of VPN client software.

Again, you absolutely cannot completely "shut off the Internet" because
the Internet is your "carrier". That connection still exists, and no
matter how adept a piece of software might be at filtering out
extraneous noise it can never be perfect.

> upon how controlled egress connections are on the remote LAN, the
> compromised client can still pose a risk. For example, the client has

At this point it becomes a moot argument because influence over the
connection is out of the client's hands.

> a shell bot installed that connects out to the attacker's machine and
> there is no control on outbound connections from the remote LAN...

If an attacker has compromised the machine to the point that it can
make surreptitious connections at all, there's no VPN software on the
planet that's going to save you. 

> Compromised client establishes tunnel, shellbot connects out to
> control machine _through tunnel_, attacker has full access to VPN
> client and LAN that the client is connected into. In a case like
> this, split tunneling gains nothing.

I'd say this is a waste of an attacker's time. ;) It's easier and far
more reliable to make a direct connection, avoiding the additional
problems and chances of being spotted that tunneling the unwanted
connection through yet another network/server/etc brings to the table.

-- 
Hand crafted on 27 November, 2006 at 00:19:53 EST using
only the finest domestic and imported ASCII.

I'd like to meet the guy who invented beer, and
see what he's working on now.
