July 19, 2021

Guys, so I wanted to ask about a real-life experience you had of cyber-attacks exploiting a VPN connection to get into a network.

To make things clear, basically, I want to get multiple scenarios that happened in your experience with preventing cyber-attacks where IPsec VPN or SSL VPN were exploited (it doesn’t matter what specifically). To clarify, due to the pandemic a decent number of companies started using a VPN for their employees, and I want to go through what can happen and what happened based on your experience and how you prevented it.

PS. just curious ))

Comments

scottwsx96

I know someone at another org who had an issue several years back where a pen tester defeated MFA on remote access by taking advantage of the fact that the helpdesk did access provisioning, the helpdesk gave all new employees the same password, that password was terrible as it included the company name and current year (making it very easy to guess), new hire accounts were created several weeks in advance in many cases, and the new hires had not registered their second-factor authenticator yet. The result was that the attacker was able to directly connect to the VPN without MFA and enroll themselves.

Needless to say, the company made some organizational and process changes in the wake of that, including creating a specialized security team to handle access, giving new employees unique passwords, making them randomly generated, creating user accounts in a disabled state, and enabling them only on the date of hire.

If you were looking for something like a defeat of VPN encryption, I don’t have anything to pass on about that.
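The failure mode in the comment above comes down to three provisioning conditions lining up: a shared initial password built from the company name and year, accounts enabled weeks before the hire date, and VPN access granted before the second factor is registered. The following is an added illustration, not code from the original post or from any product, of an identity-lifecycle audit that checks those three conditions and of the access gate the described fix implies (accounts created disabled, enabled on hire date, unique random initial passwords, MFA enrolled before VPN access). The account records, the company name "ExampleCorp" and the audit date are constructed for the example.

```python
"""Audit of pre-provisioned accounts against the MFA-enrollment gap described above.

Added example; the Account model and sample data are constructed, not taken from any
real directory or VPN product.
"""
import secrets
import string
from dataclasses import dataclass
from datetime import date


@dataclass
class Account:
    username: str
    hire_date: date
    enabled: bool
    mfa_enrolled: bool
    initial_password: str


def generate_initial_password(length: int = 20) -> str:
    """Random, per-account initial password: replaces the shared, guessable one."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_guessable_initial_password(password: str, company_name: str, today: date) -> bool:
    """Flags the pattern from the anecdote: company name and/or current year in the password."""
    lowered = password.lower()
    return company_name.lower() in lowered or str(today.year) in lowered


def account_should_be_enabled(acct: Account, today: date) -> bool:
    """Accounts are created disabled and only enabled from the hire date onward."""
    return today >= acct.hire_date


def vpn_access_allowed(acct: Account, today: date) -> bool:
    """VPN gate: enabled, hire date reached, and the second factor already registered.

    An enabled account with no authenticator registered is exactly the state the
    tester exploited, so it is denied rather than allowed to enroll from the VPN.
    """
    return acct.enabled and account_should_be_enabled(acct, today) and acct.mfa_enrolled


def audit_accounts(accounts, company_name: str, today: date) -> dict:
    """Return usernames grouped by the provisioning weakness they exhibit."""
    findings = {
        "enabled_before_hire_date": [],
        "guessable_initial_password": [],
        "enabled_without_mfa": [],
    }
    for acct in accounts:
        if acct.enabled and not account_should_be_enabled(acct, today):
            findings["enabled_before_hire_date"].append(acct.username)
        if is_guessable_initial_password(acct.initial_password, company_name, today):
            findings["guessable_initial_password"].append(acct.username)
        if acct.enabled and not acct.mfa_enrolled:
            findings["enabled_without_mfa"].append(acct.username)
    return findings


# Constructed sample: one account provisioned the old way, two the fixed way.
AUDIT_DATE = date(2021, 7, 19)
COMPANY = "ExampleCorp"
SAMPLE_ACCOUNTS = [
    Account("jdoe", date(2021, 8, 9), enabled=True, mfa_enrolled=False,
            initial_password="ExampleCorp2021!"),
    Account("asmith", date(2021, 7, 12), enabled=True, mfa_enrolled=True,
            initial_password="Kx9-vT#p2Lq!uW7bRz4e"),
    Account("bkim", date(2021, 8, 2), enabled=False, mfa_enrolled=False,
            initial_password="qF3$hN8wYc-Vm6!tJp5s"),
]


def sample_audit() -> dict:
    return audit_accounts(SAMPLE_ACCOUNTS, COMPANY, AUDIT_DATE)


if __name__ == "__main__":
    for issue, users in sample_audit().items():
        print(f"{issue}: {users}")
    for acct in SAMPLE_ACCOUNTS:
        print(acct.username, "vpn allowed:", vpn_access_allowed(acct, AUDIT_DATE))
```

Running the audit on the constructed sample flags only `jdoe` under all three headings; `asmith` and `bkim` pass, and `vpn_access_allowed` denies `jdoe` even though the account is enabled, because no second factor is registered.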
