Security Basics
Open VPN for PEN testing Sep 17 2013 06:07PM
ToddAndMargo (ToddAndMargo zoho com) (1 replies)
Hi All,

I have heard several folks say that they use Open VPN for human
penetration testing.
Reference:
https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_test
ing.pdf

I apparently did not pay close enough attention. I figured that Open VPN
would get you past the firewall and the multilayer switch. Which sounded
right to me. Use Open VPN to create a connection to the
computer and/or network to be tested. Then test the computer/network
with nmap, Metasploit, etc.

But, if I remember correctly, they also said they used Open VPN
as a direct attack mechanism to try to break into ports. Not as
a mechanism to gain access to the computer/network.

Am I missing something? Can Open VPN actually be used as an attack
mechanism (nmap, metasploit) to test a computer/network?

Many thanks,
-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Open VPN for PEN testing Sep 18 2013 01:05PM
Luis Lezcano Airaldi (luislezcair gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus