Fingerprinting Tool Identifiies VPN Servers
NTA Monitor releases IKE-scan tool for VPN scanning and identification

NTA Monitor, Europe's leading Internet security testing company, has launched
a tool to enable network administrators to scan and identify virtual private
network (VPN) servers within their networks. The security-auditing tool will
enable users to take corrective action if they identify VPN servers that have known flaws.

The NTA Monitor VPN Fingerprinting tool (ike-scan) exploits transport
characteristics in the Internet Key Exchange (IKE) service, the mechanism used
by VPNs to establish a connection between a server and a remote client.

The ike-scan tool scans IP addresses for VPN servers by sending a specially
crafted IKE packet to each host within a network. Most hosts running IKE
will respond, identifying their presence. The tool then remains silent and
monitors retransmission packets. These retransmission responses are recorded,
displayed and matched against a known set of VPN product fingerprints.

NTA Monitor has identified that there is no standard for how IKE handles
retransmission, in terms of delay before retransmission, frequency of retransmission
and number of retransmissions. Each VPN vendor uses a different set of variables
in its own products, resulting in a unique signature for each VPN product.

NTA Monitor cautions network administrators to ensure that all VPNs in their
network are running the manufacturer's latest secure software release. This
guidance follows a series of high profile VPN vulnerabilities identified by
NTA Monitor and other security vendors in the last few months.

The NTA Monitor ike-scan tool currently identifies VPNs from manufacturers
including Checkpoint, Cisco, Microsoft, Nortel, and Watchguard. The detection
of these products does not imply that any particular product is at fault, more
that these are among the most commonly found VPN products. NTA Monitor aims to
release updated versions of the ike-scan tool, as more VPN server signatures
are developed through in-house development and contributions from the security
community.

"VPNs have been assumed to be an invisible and secure method of communication
between a server and a remote connection. But such thinking is naive. NTA Monitor's
ike-scan tool shows that VPNs cannot only be discovered but the manufacturer,
and sometimes the version, can also identified. Network administrators need to
ensure that they are aware of VPNs configured within their network and ensure
that they are using the latest secure software release," said Roy Hills, technical
director, NTA Monitor.

The NTA Monitor ike-scan tool has been developed by technical director Roy Hills
and is being released by NTA Monitor under the GNU General Public Licence (GPL).
The tool and a white paper describing the issue of VPN backoff fingerprinting can
be downloaded from NTA Monitor's Web site at: www.nta-monitor.com/ike-scan/

VPNs are much used today to provide remote offices or individual users with secure
access to their organisations. A VPN works by using a shared public network while
maintaining privacy through security procedures and encrypting data in transit.
In effect, the tunneling protocols used, encrypt data at the sending end and decrypt
it at the receiving end. An additional level of security involves encrypting not
only the data, but also the originating and receiving network addresses.

The ike-scan homepage is located at:

	http://www.nta-monitor.com/ike-scan/