• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Board of Directors
  • Investors
  • Customers
  • Partners
  • Press Room
  • Events
  • Careers
• Customers

• Advisories
• Vulnerabilities Tested
• Compliance
• White Papers & Articles
  • SQL Injection
  • Cross-Site Scripting
  • Directory Traversal
  • Public Hub Traffic
  • Modem Intruders
  • Infected Laptops
  • VPN Insecurity
  • Firewall Fallacies
• SSHredder Test Suite

Of further interest:

• NeXpose White Paper

VPN Insecurity

The advancements in technology have enabled people to effectively work from remote offices, accessing the corporate network as they would have locally. To secure communications between remote users and the corporate network, businesses have employed the use of the Virtual Private Network (VPN).

A VPN is used to create a secure tunnel between two networks that are connected via potentially hostile networks. Two popular protocols used to create VPN tunnels are IP Security (IPSec) and the Point-to-Point Tunneling Protocol (PPTP). VPN tunnels provide data security by encrypting data sent between the two hosts. When using a VPN with a strong encryption algorithm, such as Triple-DES (3DES), the chances of compromising the data are quite low.

What's the Security Issue ?

Even with the inherent security of the VPN tunnel, compromising the network is still a concern. If a hacker gains access to any system that is connected via the VPN, they have a means of penetrating the entire network. With the proliferation of high-speed connectivity such as broadband, many more remote PCs are left on permanently; permanently connected to the corporate network, the Internet Service Provider (ISP), the Internet and hackers.

If the remote user has not taken the proper precautions to secure their system on the network, the VPN can be abused by malicious users. Whether connected via a dial-up connection (modem) or a broadband connection (DSL or cable modem), systems connected to the Internet are being scanned constantly for open ports and their related services. Most systems run services by default that users don't realize exist. Even essential services in the system can have flaws. When hackers find these services, they can take advantage of them. Any point of entry, be it a system in a remote office or a user working from home, can provide a hacker with keys to your company.

How NeXpose Helps

All systems on any of the networks being used in a VPN environment must be constantly monitored for vulnerabilities. NeXpose can perform security audits on these systems in three simple steps: specify the systems to test, how you want to be notified and then schedule the scan. You will identify all system vulnerabilities with an accuracy that other systems can not achieve. Combine that with the ability to grab all the latest vulnerability tests automatically, and auditing systems was never easier.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact