Evaluating VPN Solutions

Presented at DEF CON 9 (2001), July 14, 2001, 7 p.m. (50 minutes).

This session will detail a methodology by which security professionals may independently examine the security of a VPN. We will cover basic concepts of key exchange and management, leading into a description of good and bad ways by which the two ends of a VPN connection arrive at the necessary shared secret. We will discuss common mistakes such as improper random seeding or key exchange, and step through a checklist of things to check. Finally, we will apply this methodology before the audience in the testing of a running VPN system, and demonstrate two vulnerabilities that exist.


Presenters:

Links:

Similar Presentations: