vpn tunnel and encryption

Discussion on encryption, data integrity, passwords, etc

Moderator: 127.0.0.1

vpn tunnel and encryption

Postby insecurepc » Thu Apr 10, 2003 7:58 pm

With a vpn tunnel why is there even a need for encryption?
insecurepc
End-Loser
End-Loser
 
Posts: 56
Joined: Wed Apr 09, 2003 9:51 pm

Postby kostyanj » Thu Apr 10, 2003 11:04 pm

Because there are ways of "hijacking the session". It's pretty hard to pull off, but it is possible to split the connection and spoof someone's IP address and the server will think that you're the other person. But if the data is encrypted, the hacker has to sniff out the data and decrypt it before getting anywhere.
User avatar
kostyanj
Admin
Admin
 
Posts: 836
Joined: Thu Feb 27, 2003 4:08 am

Postby insecurepc » Thu Apr 10, 2003 11:14 pm

I thought you had to disable the real device your impersonating otherwise you have two devices with the same ip and going now where. Even then you would have to have the initialization key in addtion to the ip. So if you use a alphanumberic and special charactor key getting the initialization key is very difficult. All this and you still can add mac address filter on top of it all. So the case for crypto still seems questionable.
insecurepc
End-Loser
End-Loser
 
Posts: 56
Joined: Wed Apr 09, 2003 9:51 pm

Postby kostyanj » Thu Apr 10, 2003 11:18 pm

insecurepc wrote:I thought you had to disable the real device your impersonating otherwise you have two devices with the same ip and going now where. Even then you would have to have the initialization key in addtion to the ip. So if you use a alphanumberic and special charactor key getting the initialization key is very difficult. All this and you still can add mac address filter on top of it all. So the case for crypto still seems questionable.



Well first of all, if you disable split tunneling at the device, you don't even have to worry about it. But as for the MAC filtering, MAC address are also able to be spoofed pretty easily. You wouldn't need the initialization key, because the session is already established, you're just comming into after the person already established the tunnel.
User avatar
kostyanj
Admin
Admin
 
Posts: 836
Joined: Thu Feb 27, 2003 4:08 am


Return to Encryption

Who is online

Users browsing this forum: No registered users and 1 guest

cron