VPN penetration testing explained

A Virtual Private Network, or VPN, is a gateway to your organizational network. While companies often prefer using a VPN for remote access, its importance has only increased by the COVID-19 pandemic. We recommended using VPNs as one of the good security practices to follow while working remotely. From an attacker’s perspective, finding a VPN means that they are close to a jackpot. It is easy to interpret for them that you are using a VPN to protect your sensitive data. In this article, we discuss VPN penetration testing and why it should be a part of your penetration testing program.

Why do we need to talk about VPN penetration testing?

So often, we have seen that our clients do not consider their VPN networks in the scope of a penetration test. It is easy to overlook VPNs by presuming that they are the most secure part of your network. However, this presumption is wrong, and VPNs appear to be attractive targets for attackers. Here are some of the reasons why VPN penetration testing is essential:

• VPNs provide a direct link to your organizational networks. As home working is becoming a norm, it is reasonable to use VPNs for allowing the employees to sign in securely to perform their daily tasks. Given that the connection is established through your authorized VPN, it is believed to be trusted.
• Your security controls must prevent unauthorized individuals from accessing your data. At this point, your security team needs to implement the correct configuration settings to control and monitor the connectivity provided by your VPN. Improper configuration settings may allow unauthorized individuals to access your internal network.
• It helps you in understanding how secure your remote access setup is.

What is VPN penetration testing?

Initially, it may sound like something complicated, but it is not. Though it is similar to the general penetration testing routine, there are certain specifics that penetration testers need to look out for. VPNs are of two types: SSL and IPSec. The exact steps involved in Network penetration testing will depend on the type of VPN you are using. Irrespective of the type, your VPN security assessment will consist of the following steps:

• Planning: This step sets the tone for the rest of the activity. The focus should be on defining the scope and realistic deadlines, with a clear distribution of roles and responsibilities.
• Port scanning and fingerprinting: Port scanning helps in the identification of your VPN type. Since you already know where your VPN is located, you can quickly direct your scanning tool to a particular range of IP addresses, instead of the entire network. You can determine the VPN type by checking the list of open ports.
  • If port number 500 is open, it is an IPSec VPN.
  • If port number 443 is open, it is an SSL VPN.

After port scanning, a pentester needs to fingerprint your vendor’s VPN and model. Using this information, they may search for model and vendor-specific attacks. Here, they are so many possibilities, such as:

• Finding out the type of authentication used by a VPN
• Exploiting the weaknesses in PSK (pre-shared key) authentication mechanism
• Running the captured hashes through password crackers to retrieve passwords

For SSL-based VPNs, tools used for scanning web applications can be useful. Using automated tests will give you false positives, and hence, manual testing may be needed. Just like firewalls, IPSec has default user accounts. After the initial installation, these default user accounts are not required.

• Exploiting known vulnerabilities: Based on the results of the previous step, this step focuses on exploiting the discovered vulnerabilities to measure vulnerability that must be patched immediately. If any default user accounts are found, they must be either removed or changed.
• Reporting: Like any other penetration testing exercise, the report summarizes the findings and lists out the action points for your security team to act on. These action points help your team with what they need to do for patching the identified vulnerabilities. You can read more about the contents of an ideal penetration testing report here.

Ending notes

BreachLock uses a proven penetration testing methodology. This methodology is powered by artificial intelligence and certified hackers, i.e., it combines the power of machines with human expertise. When our experts conduct a penetration test involving VPN(s), they start with identifying the product you are using along with how it is implemented. Our cloud platform facilitates the management of penetration tests between your team and our security experts. Get in touch with our experts today!