02 Oct 09 Security Consultant – Man In The Middle Attacks (MITM)

A Man In The Middle (MITM) attack is a popular network based attack in order to hijack a connection or to sniff traffic. A MITM attack actually covers a variety of different methods. A MITM attack is literally positioning yourself as the attacker between the two communicating parties. Whether you do that via an ARP attack, some type of cryptographic attack, or a physical attack depends on the requirements and scenario. As a security consultant it is important to ensure that the network and it’s communications are as secure as possible against this type of attack. I will cover a simple physical MITM attack, then an ARP attack, and then prevention techniques.
(more…)

Tags: arp, arp attack, arp poisoning, cryptographic attack, default gateway, gateway, layer 2, layer 3, man in the middle, managed switch, MITM, network bridge, nic, openvpn, router, Security Consultant, self signed certificate, SSL, switch

15 Sep 08 Quick Linux and Windows OpenVPN HOWTO and tutorial, including VPN routing

OpenVPN is a popular Windows/Linux VPN Server/Client pair. I think there’s a separate GUI available for it if you’re so minded. This howto will cover command line usage only.

I’ll provide example configuration based on a Linux server and a Windows client, however the same applies pretty easily if you wanted to mix and match.

On debian, apt-get install openvpn. On any other linux distro, use your own package manager or alternatively download from source and compile.
(more…)

Tags: 10.8.0.1, 10.8.0.2, apt-get, client, compile, compression, daemon, daemonize, debian, default gateway, distro, established, forward, generate, interface, IP address, iptables, ip_forward, keepalive, Linux, linux server, masquerade, nat, openvpn, package manager, ping, related, remote, route, route add, route delete, route print, routing, secret key, server, source, tap, tcp, tcpdump, traffic, tun, udp, VPN, vpn client, vpn server, windows, windows client