Given the wide spread use of VPNs, extended functionality that they provide, economy of use, and their transparency to the user, it was just a matter of time before the bad guys began to target VPNs. Some of the reasons the VPNs are targeted include the following:
Users tend to use VPNs to transmit sensitive information. This is understandable as the common belief is that VPNs are secure.
VPNs usually have full and unrestricted access to the internal networks. Gaining access via a VPN provides full and unfettered access to the corporate networks.
VPNs provide anonymity from IDSs if they are configured to operate outside the VPN. Any bad guy who gains access to the VPN can hide in the encrypted tunnel and not be detected by the IDS.
VPNs are comparatively soft targets. This is because people tend to consider IPSec relatively secure and tend to spend resources hardening other network components.
So, what are the ways the VPNs can be compromised? Understanding...