Hi i'm new here (and new to Back Track) so bare with me if i ask anythin stupid. I'm currently working on my dissertation for my final year of university and I've based it on the different types of hardware and software VPN solutions, the protocols they use and their security.
I need to prove that there is encryption for the tunnelling protocols that i've employed for my various VPN configurations, and exploit any weaknesses if possible!
However, I have no idea how to do this.
So far i've only been able to prove the tunnel is encrypted by sticking Wireshark in the middle of the network and identifying the header types.
My supervisor suggested I tried here to get some advice on which tools to use.
So far I have 3 VPN's to test:
- A server 2003 based remote-access VPN (2 servers: Domain server, VPN server, RADIUS (IAS) server) using L2TP/IPSec with certificates.
-A client to site VPN using a Cisco 2620 router as the VPN server and a Windows XP client
-Site-to-site VPN using numerous 3600 routers and a GRE tunnel (with IPSec). This is simulated on GNS3
I am also studying Hamachi, so if anyone knows anyway I can test the security on the tunnel technology that it uses it would be great!