AWERProcedia Information Technology & Computer Science 1 (2012) 73-78

2nd World Conference on Information Technology (WCIT-2011)

Using penetration testing to discover VPN security vulnerabilities

Defta (Ciobanu) Costinela - Luminita *

PhD student, Doctoral School, University of Pitesti, Department of Computer Science, Str. Targu din Vale, nr.1, Arges and Postcode 110040, Romania

Abstract

A VPN is a private network constructed within a public network infrastructure, such as the Internet. VPNs are widely used to create wide area networks (WANs) that span large geographic areas, to provide site-to-site connections to branch offices and to allow mobile users to dial up their company LANs. VPNs are generally considered to have strong protection for data communications, but if they are incorrectly configured they are still vulnerable, just like any other Internet-facing system. In the first part of this paper we will analyze and compare the key VPN security technologies, like IPsec and SSL. In the second part we will describe a common penetration testing methodology for VPNs. The objective is to discover vulnerabilities in the VPN implementation that an attacker may be able to exploit.

Keywords: VPN, SSL, IPSec, Penetration testing, Network

Selection and peer review under responsibility of Prof. Dr. Hafize Keser.
©2012 Academic World Education & Research Center. All rights reserved.

1. Introduction

Virtual private networks extend the reach of LANs without requiring owned or leased private lines. Companies can use VPNs to provide remote and mobile users with network access, connect geographically separated branches into a unified network and enable the remote use of applications that rely on internal servers. VPNs can also be used in distributed systems. The distributed system model best suits the organizational structure of companies that, because of their business needs, are geographically distributed.

* ADDRESS FOR CORRESPONDENCE: Defta (Ciobanu) Costinela, Luminita. PhD student, Doctoral School, University of Pitesti, Department of Computer Science, Str. Targu din Vale, nr.1, Arges and Postcode 110040, Romania. Tel.: +40-767-024-056. E-mail address: lumi.defta@yahoo.com