networking - Can I run a VPN server with certificates only, and no password/pre-shared keys?

2014-04-07
  • James B

    I've seen several writeups around discussing VPN server configuration. In all of them, there are 2 or 3 pre-shared keys / passwords used at various levels of the tunnel -- one for IPSec, one for L2TP, one for PPP.

    This seems silly. I've always been of the opinion, why use a (relatively) tiny, insecure password when you can use a software token of arbitrary length?

    At best, though, I've seen the suggestion to use racoon to handle certificate-based authentication at the IPSec layer. That still leaves 2 other layers to worry about. Can I do better? If not, would it be possible / secure to omit the PSK at 2 of the 3 layers and still restrict use to authorized accounts?

    I'm specifically looking for something that works well cross-platform, with both mobile and desktop clients. I'm also more concerned with IP masquerading than security, so "best" encryption is not a concern.


    Related Question

    networking - Can a malicious hacker share Linux distributions which trust bad root certificates?
  • Rohit Banga

    Suppose a hacker launches a new Linux distro with Firefox provided with it. Now a browser contains the certificates of the root certification authorities of the PKI. Because Firefox is a free browser, anyone can package it with fake root certificates. Thus a fake root certificate would contain a certification authority that is not actually certified. Can this be used to authenticate some websites? How?

    Many existing Linux distros are mirrored by people. They can easily package software containing certificates that can lead to such attacks. Is the above possible? Has such an attack taken place before?


  • Related Answers
  • Simon P Stevens

    Most open source software applications will be published along with a hash key of some kind. There are lots of tools available that will allow you to verify that what you have downloaded has the same hash as the one published on the project's website. So even if you download the files from a mirror, you can check the hash to verify that the download has exactly the same content. This means that to do what you are suggesting the attacker would have to also subvert the project's website and publish a fake hash key, but even then someone would notice pretty quickly that the published hash did not match all the valid software downloads.

    I suppose there is no reason why an attacker couldn't create their own Linux distro, but remember this stuff is all open source, so people could verify it wasn't doing anything malicious. When a new distro is small no one is likely to verify it, but if it were ever to achieve large scale adoption like Ubuntu, Suse, Fedora etc, then someone will take the time to verify it.

  • martyvis

    There is always a chain of trust. For most people it starts (for them) in the bricks-and-mortar store where they buy their pre-built computer or shrink-wrapped software. You trust in known brands and the fact that the store has been there for a little while and hasn't been raided by the police.

    Linux and open-source software that you download from the net also has a chain of trust. You trust a distro vendor (because other people do, or you have read about it in a mag). You assume Google sends you to the correct URL. You assume the people there properly sign the software (that is, they encrypt a hash, or unique defining signature, of their software) that you can test. But if any one of those links in the chain are broken, trust can be compromised.

  • lavamunky

    As Simon Stevens said, they usually come with a hash, though I have noticed a lot actually come with an MD5 hash, which has proven weaknesses. So it would be quite possible, even changing the hash key, depending on what the hash was generated with. It's best to check if they have a SHA-2 hash; they are much more secure than MD5, and if something like MD4 is used, just don't trust it at all.
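    A small checker for the download verification that Simon P Stevens and lavamunky describe, added here as an example rather than code from the original thread: it parses a published sums file in `sha256sum`/`md5sum` output format, refuses to treat an MD5/MD4 (or SHA-1) digest as a valid check, and only reports "ok" on a SHA-2 match. The file name and bytes are constructed.

```python
import hashlib
import hmac
import re

# Digest length in hex characters -> algorithm. 32 hex chars is MD5 or MD4;
# both are rejected as weak, so telling them apart is unnecessary here.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 96: "sha384", 128: "sha512"}
ACCEPTED = {"sha256", "sha384", "sha512"}   # SHA-2 family only


def parse_sums(sums_text):
    """Parse '<hexdigest>  <filename>' lines into (algorithm, digest, filename)."""
    entries = []
    for line in sums_text.splitlines():
        m = re.match(r"^([0-9a-fA-F]+)\s+\*?(\S.*)$", line.strip())
        if m and len(m.group(1)) in HEX_LEN_TO_ALGO:
            entries.append((HEX_LEN_TO_ALGO[len(m.group(1))], m.group(1).lower(), m.group(2)))
    return entries


def verify_download(data, name, sums_text):
    """Check the downloaded bytes `data` against the published sums file.

    Returns one of "ok", "mismatch", "weak-algorithm" or "not-listed".
    A matching MD5/MD4/SHA-1 digest is reported as "weak-algorithm", not "ok":
    those algorithms are no longer trustworthy for checking a mirror's file.
    """
    for algo, published, listed_name in parse_sums(sums_text):
        if listed_name != name:
            continue
        if algo not in ACCEPTED:
            return "weak-algorithm"
        actual = hashlib.new(algo, data).hexdigest()
        return "ok" if hmac.compare_digest(actual, published) else "mismatch"
    return "not-listed"


# Constructed sample data standing in for a downloaded ISO and its sums files.
ISO = b"not a real iso image, just constructed bytes\n"
GOOD_SUMS = f"{hashlib.sha256(ISO).hexdigest()}  distro.iso\n"
TAMPERED_SUMS = f"{hashlib.sha256(ISO + b'x').hexdigest()}  distro.iso\n"
MD5_SUMS = f"{hashlib.md5(ISO).hexdigest()}  distro.iso\n"

if __name__ == "__main__":
    print(verify_download(ISO, "distro.iso", GOOD_SUMS))      # ok
    print(verify_download(ISO, "distro.iso", TAMPERED_SUMS))  # mismatch
    print(verify_download(ISO, "distro.iso", MD5_SUMS))       # weak-algorithm
```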

  • 8088

    To answer your initial question, yes, an attacker could generate their own CA and add it as a trusted authority to the browser. This is a feature, though; the list of trusted CAs is only the widely accepted list. There is no reason why you shouldn't be able to add your own CA. This brings us back to the point where you just have to be able to trust the sources where you get your software. If a user downloads a corrupted Linux install with malicious code in it, the most likely attack would be a rootkit of some sort.

    If you are worried you can always check the list of allowed CAs by Firefox and compare it to your current install.