idsecconf2010-hacking priv8 network

This Paper Presented at IDSECCONF2010


Transcript

  • 1. Hacking into Bank priv8 Network y3dips@echo.or.id | y3dips.echo.or.id
  • 2. Private Network • Old time: Infrastructure deployed by banks • Present time: Public infrastructure usage - VPN
  • 3. VPN • Just like a phone call between 2 nodes over public phone infrastructure • Priv8 network service delivered over a public network infrastructure
  • 4. VPN • a Virtual Private Network • l2tp, pptp, ipsec, ssl vpn, ssh based vpn (open vpn)
  • 5. VPN
  • 6. Why Using VPN • Bank eagerly needed a private line! • Reducing Cost. • “It should be” Secure.
  • 7. Why Attacking VPN • Yes, It's Private. • Is it Secure? (relatively). • The Most Dangerous place is the safest place. • Rely on the security product.
  • 8. Hacking The IPSECs VPN
  • 9. The VPN Topology [diagram: host client, site client, web server, DB server and airport client joined across the Internet by an IPSEC tunnel; SITE-TO-SITE and REMOTE ACCESS (software client)]
  • 10. The IPSECs
  • 11. IPSEC
  • 12. IPSEC • Set of Protocols. • AH, ESP, IKE, Encryption. • Layer 3, Network • udp 500, 4500, IP 50,51
  • 13. Famous Issue with The IPSECs VPN
  • 14. Cisco “password 7” type encoding = l33t :P
  • 15. Core Issue ! supportforums.cisco.com
  • 16. Aggressive Mode Issue • Quick Handshake. • Hash in Plaintext. • Dedicated IP not mandatory. • User (ID) not mandatory.
  • 17. Well Known Tools • Ike-Scan • Ike-probe • IKEprober • ikecrack-snarf
  • 18. Custom Tools?
  • 19. How it works
  • 20. What Next? • Crack the PSK with known Tools • psk-crack • Build Your Own Cracker (not so hard but not done :P)
  • 21. Other Issue • Vendor Issue with the device/protocol implementation (!google) • Configuration Issue • Split tunneling • Transform Mode • Credential storing • Un-encrypted • Not Secure
  • 22. [diagram: host client, site client, web server, DB server and airport client joined across the Internet by an IPSEC tunnel; SITE-TO-SITE and REMOTE ACCESS (software client)] [ Show Over ]
  • 23. Survive • “Eliminate transport mode and the AH protocol, and fold authentication of the ciphertext into the ESP protocol, leaving only ESP in tunnel mode.” http://www.schneier.com/paper-ipsec.html
  • 24. Survive • Don't Use PSK please :) • Disable Aggressive Mode in the device • Network Filtering • Never use Dynamic IP • Filter IP to connect to Gateway
  • 25. Reference • PSK Cracking using IKE Aggressive Mode - Michael Thumann • IPSec VPN Design - Vijay Bollapragada, Mohamed Khalid, Scott Wainner • Great Old “google” also for “most of the” images.
  • 26. Thanks @y3dips
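
A way to check the "Survive" items from slide 24 against traffic seen at the gateway, as an added example that is not part of the original slides: it parses the ISAKMP header on UDP 500/4500 (slide 12) and reports IKEv1 Aggressive Mode initiations (slide 16) and initiations from peers outside an allow-list. The peer list, function names and sample packets are constructed for illustration.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 section 3.1: fixed 28-byte header
EXCHANGE = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
ALLOWED_PEERS = {"198.51.100.10"}  # assumption: the fixed peer IPs allowed to reach the gateway


def parse_ike(payload, dport):
    """Return IKEv1 header fields, or None if the UDP payload is not an IKEv1 header."""
    if dport == 4500:  # NAT-T: IKE is prefixed by a 4-byte zero non-ESP marker (RFC 3948)
        if payload[:4] != b"\x00\x00\x00\x00":
            return None  # ESP-in-UDP data, not IKE
        payload = payload[4:]
    if len(payload) < ISAKMP_HDR.size:
        return None
    _icky, rcky, _nxt, ver, xchg, _flags, _msgid, length = ISAKMP_HDR.unpack_from(payload)
    if ver >> 4 != 1 or length < ISAKMP_HDR.size:  # major version 1 only
        return None
    return {"exchange": EXCHANGE.get(xchg, f"type-{xchg}"),
            "initial": rcky == b"\x00" * 8}  # zero responder cookie = first message


def review(packets):
    """packets: iterable of (src_ip, dport, udp_payload). Returns (src_ip, finding) tuples."""
    findings = []
    for src, dport, payload in packets:
        hdr = parse_ike(payload, dport)
        if hdr is None or not hdr["initial"]:
            continue
        if hdr["exchange"] == "aggressive":
            findings.append((src, "aggressive-mode initiation"))
        if src not in ALLOWED_PEERS:
            findings.append((src, "IKE initiation from unlisted peer"))
    return findings


def sample_hdr(xchg):
    """Build a constructed first-message ISAKMP header with the given exchange type."""
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, xchg, 0, 0, 28)


SAMPLE = [  # constructed packets, not taken from a real capture
    ("198.51.100.10", 500, sample_hdr(2)),                       # main mode, listed peer
    ("203.0.113.77", 500, sample_hdr(4)),                        # aggressive, unlisted peer
    ("198.51.100.10", 4500, b"\x00" * 4 + sample_hdr(4)),        # aggressive over NAT-T
    ("198.51.100.10", 4500, b"\x12\x34\x56\x78" + b"\x00" * 40),  # ESP-in-UDP, ignored
]
```

Any aggressive-mode finding after the gateway has been reconfigured means the "Disable Aggressive Mode" item is not actually in effect on that device.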