Penetration Testing IPsec VPNs

by Rohyt Belani, K. K. Mookhey
Sept. 25, 2017 1 comment Symantec Pen Testing & Audits ipsec vpn

This article discusses a methodology to assess the security posture of an organization's Ipsec based VPN architecture. The first part of the article looks at the components of IPSec based VPNs, which use client software to connect to the VPN server as opposed to SSL based VPNs, which only use a browser. The second step describes a penetration test of the VPN setup, and then finally a review of the architecture and system configuration is suggested. A comprehensive VPN assessment must account for all possible attack vectors for it to be a useful gauge of security posture.

2flash 8 months, 3 weeks ago

This methodology on testing IPsec VPNs is pretty clear, but not sure how much it can still be used today.