VPN secure?

Posted on 2005-04-21
Last Modified: 2013-12-04
Just a question... how secure is VPN?
I know it's 128-bit encryption, which means you need to have at least a 16-char encryption 'password', which I guess is pretty hard to crack.
But does that make it ultra secure?
Would anyone recommend changing the encryption 'password' every few months or so?
Question by:dr_binks

    Accepted Solution

    Here's some interesting commentary:

    From the above link:
    "As key lengths increase, the number of combinations that must be tried for a brute force attack increase exponentially. For example a 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. For example, to theoretically crack the 128-bit IDEA key using brute force one would have to:

    develop a CPU that can test 1 billion IDEA keys per second
    build a parallel machine that consists of one million of these processors
    mass produce them to an extent that everyone can own one hundred of these machines
    network them all together and start working through the 128 bit key space"

    That said, of course, most encryption cracking isn't necessarily going to be brute force, they will come up with better methods. Something like AirCrack, for example, cracks WEP keys, but doesn't use brute force.

    Bottom line is that at the moment, 128-bit encryption, assuming it's properly implemented by the software with no bugs and vulnerabilities, is pretty darn safe. This just means that someone sniffing the encrypted traffic is very unlikely to be able to decrypt it.

    What you REALLY have to worry about is: users with bad VPN passwords, users that share their VPN passwords, users that leave the company and aren't properly removed, users that save their VPN password in cache and then lose their laptop, unpatched software vulnerabilities in the VPN server or client, etc, etc, etc.

    I wouldn't worry about changing the encryption password unless too many people know it. At 128-bits, I wouldn't worry about the strength of your encryption key. I would worry about educating users on best safety practices, and creating good practices and policies for the IT staff.
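
The account-hygiene risks listed in this answer (leavers who are never removed, shared VPN passwords) can be checked from data most VPN servers already provide. The following is an added example, not part of the original answer; the roster, account list, log format (`ISO-time user source-ip`) and the 30-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): active staff roster,
# accounts provisioned on the VPN server, and successful VPN logins.
ACTIVE_STAFF = {"alice", "bob", "carol"}
VPN_ACCOUNTS = {"alice", "bob", "carol", "dave"}  # dave has left the company
LOGINS = """\
2005-04-20T08:01:12 alice 198.51.100.10
2005-04-20T08:05:40 bob 198.51.100.22
2005-04-20T08:09:03 bob 203.0.113.77
2005-04-20T23:14:55 dave 203.0.113.5
2005-04-21T09:30:00 carol 198.51.100.31
2005-04-21T17:45:00 carol 192.0.2.8
"""

def parse_logins(text):
    """Yield (timestamp, user, source_ip) from 'ISO-time user ip' lines."""
    for line in text.splitlines():
        if line.strip():
            ts, user, ip = line.split()
            yield datetime.fromisoformat(ts), user, ip

def orphaned_accounts(vpn_accounts, active_staff):
    """VPN accounts with no matching active employee (leavers not removed)."""
    return sorted(vpn_accounts - active_staff)

def possible_sharing(logins, window=timedelta(minutes=30)):
    """Users seen from two different source IPs within `window`."""
    flagged = set()
    seen = {}  # user -> list of (timestamp, ip) already processed
    for ts, user, ip in sorted(logins):
        for prev_ts, prev_ip in seen.get(user, []):
            if ip != prev_ip and ts - prev_ts <= window:
                flagged.add(user)
        seen.setdefault(user, []).append((ts, ip))
    return sorted(flagged)

def audit(vpn_accounts, active_staff, log_text):
    """Combine both checks and list orphaned accounts that are still in use."""
    logins = list(parse_logins(log_text))
    orphans = orphaned_accounts(vpn_accounts, active_staff)
    return {
        "orphaned_accounts": orphans,
        "orphan_logins": sorted({u for _, u, _ in logins if u in orphans}),
        "possible_sharing": possible_sharing(logins),
    }

if __name__ == "__main__":
    print(audit(VPN_ACCOUNTS, ACTIVE_STAFF, LOGINS))
```

A sharing flag is only a lead: a user moving between networks produces the same pattern, so it needs follow-up rather than automatic lockout.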

    Assisted Solution

    by:Rich Rumble
    128 is good enough, if the algo is secure. 128-bit (single)DES would be pushing it, as DES is very outdated, and they now have specialized hardware for cracking it - not the public mind you, but "they" do. Proprietary encryption schemes are typically very insecure; if the VPN is using a "respectable" encryption method, such as IDEA, BlowFish, TwoFish, AES, MD5, 3DES etc... then you're probably ok.

    Something that people tend to overlook is that just like electricity, hackers, crackers and other nasty people who want information follow the path of least resistance to get it. A keylogger that emails or sends an IRC message to someone is much better at getting a password than cracking or brute-forcing them. The Govt does the same thing; even the NSA, with its supercomputers and specialized equipment, resorts to a keylogger or a FakeGina to capture keystrokes. They can even use a TEMPEST device, an antenna for electromagnetic signals, point it at your building, and look at what is on your monitor. But if your pass is behind ****'s that's all they see ;) but the Klogger will see it all.
