Vpn Security

[Mat]

At work we have laptops which connect back to the office via an IPSec over L2TP VPN. The connection is made with a username and password and a certificate is installed on the laptop, without which the username and password will not be accepted.

This, I think is a good thing.

This only works for windows though, the folks with a Mac laptop are out of luck. My only option to allow connections from the Mac's is to enable SSL VPN's but this is a security concern to me.

The SSL VPN is secured with only the username and password.

I see on the show that Darren often recommends the use of a VPN for domestic use, so you'd VPN while at Starbucks before connecting to gmail or something, so people cant get your email credentials, but the part I dont understand is, what's to stop someone sniffing my VPN username and password and then just connecting as me?

Short version then is: Is SSL VPN vulnerable to a replay attack, and is SSL VPN secure enough for corporate use?

Any and all comments on this topic will be appreciated.

Edited August 1, 2011 by Mat

[Infiltrator]

SSL replay attacks can occur but very rarely. You can safely use SSL VPN with no concerns that an attacker will attack you. In addition, for a SSL replay attack to occur the server has to be compromised by the attacker.

"If the server uses the same nonce (called "server_random" in the SSL/TLS specification) and the same session ID than for a previous handshake, then an attacker can send the exact same packets than what the client sent during that previous session, and the server will accept the whole thing. At least if the server uses a RSA key exchange cipher suite (which is the most common case).

This can easily be seen by following how the various cryptographic elements are computed. The ClientKeyExchange message contains the pre-master-secret, encrypted with the server public key; that packet can be replayed and is still a properly encrypted version of the same pre-master-secret. The encryption and MAC keys are then derived from the pre-master-secret, the client_random and the server_random, through the SSL/TLS "PRF" which is deterministic. Thus, if the randoms are unchanged (i.e. if the server uses the same server_random than previously, and the attacker sends the same ClientHello message than during the previous session) and the pre-master-secret is also unchanged, then the server will infer the same symmetric keys and will thus accept the captured encrypted packets as being genuine.

The attacker doing the replay would not gain any extra insight as to what the application data could look like; the attack is not a decrypting attack. But from the server point of view, this would look like a second genuine, voluntary connection. For a SSL connection used for a HTTPS POST request for a credit card payment, this would mean a double payment."

Source: http://security.stackexchange.com/questions/3664/ssl-replay-attack-when-client-server-random-is-missing

Edited August 2, 2011 by Infiltrator

[Mat]

Thanks for that, so as long as the vendor has done their job right, a packet replay attack is unlikely.

So, if I were to connect the VPN while connected to a "bad wireless network", and all the traffic were captured; a hacker wouldnt be able to just re-send everything and gain a connection to the workplace, and he'd not be able to extract the username/password from the packet capture because they'd be encrypted by the SSL layer.

That puts to rest most of my concerns; I was thinking that the encryption was not brought up until the link was, so the credentials may be passed in the clear.

The remaining point would be sslstrip or similar which I hear can get ssl credentials by putting itself in the live connection and impersonating the remote side (I think) anyone got any thoughts there?

I know I'm being too paranoid about this, but I think it's best to assume the worst and plan accordingly!

[edit: worth mentioning some specifics. The VPN is being made on OSX using the 3rd party software Tunnelblick and its connecting to a Smoothwall UTM308. I've spoken to smoothwall support about native LT2P over IPSec and they say it cant be done, basically. ]

Edited August 2, 2011 by Mat

[Infiltrator]

SSL is secure and you shouldn't be too worried with replay attacks. One thing to be aware of tough is, when using websites with SSL make sure they have the SSL Padlock and https instead of http, and it has been verified by VeriSign or some certificate issuing company.

Furthermore, don't go accepting fake certificates or certificates that haven't been approved. If your browser, detects that something is not right with the certificate leave the website immediately.

On the other hand, if you have to access sensitive information on hostile networks, you might want to use SSH instead of SSL. Not saying that SSL is NOT secure but it could fall victim for SSLStrip.

[Mat]

We may be talking about slightly different things.

I'm not referring to websites, or for that matter even a web browser.

Tunnelblick for OSX establishes a VPN using SSL protocols and makes it available to the system, the VPN is restricted to just allow the user to run a terminal services session on the office servers.

[Infiltrator]

We may be talking about slightly different things.

I'm not referring to websites, or for that matter even a web browser.

Tunnelblick for OSX establishes a VPN using SSL protocols and makes it available to the system, the VPN is restricted to just allow the user to run a terminal services session on the office servers.

I was just making a point about websites that use SSL, but I do know what you are referring to. You are referring to securing a point to point connection using SSL VPN. By the way, you should check out OpenVPN, if you haven't done so and its what I use at home.

Edited August 3, 2011 by Infiltrator