Tips and Tricks: Using vpnc in Backtrack 5 to connect to Cisco VPNs

Every once in a while, I’m going to post something that I pick up along the way.  These will usually be for my own reference after I’ve pretty much broken my brain trying to get something to work and it finally *just did*.  Often, these will be amalgamations or clarifications of things I’ve found elsewhere and I will give credit as such.  I make no promises that it will work for you, but I will provide as much detail along the way as I can.  I don’t usually use GUI package managers, though, so you may have to get into some new territory on that part if you’re not used to the command line.

Platform: Backtrack 5R3 guest in VMware Workstation 9.0 running on Windows 7 host (but should work in native Backtrack as well)
Software: vpnc
Unusual Aspects: RSA token authentication

Part of my job in pen testing involves connecting to VPNs to perform tests on internal networks without having to physically visit the site.  This creates problems, though, as I usually run Backtrack from a VM, and either VMware or Windows 7 (or both) is giving me trouble where sometimes the network simply stops functioning.  It’s an odd thing where at one point the NAT gateway is responding to ARP requests but then it’s not.  Nessus (running in Backtrack) keeps sending packets as seen in a capture in BT, but they’re not getting passed on through the host.  The issue isn’t present when running in bridged mode, but that means I can’t use the corporate VPN software on the Windows host.  But with the help of vpnc and a few sites on the Internet, I was able to get it working, which also allows me to run internal and external tests at the same time.


Shortage of InfoSec pros noticed, but how many do we need?

This story caught my eye a few weeks ago and I sort of brushed it off as a standard story of how the US is doomed unless we keep up with the programs of other nations who apparently have people far better at penetrating systems than we ever will, and the only way to keep up is to pump tens of thousands of people through training. I tend to dismiss these stories because although they often have a grain of truth to them, there’s usually more going on than people understand.

Before I get into this, I want you to understand that I am not disagreeing with the need for more InfoSec pros and definitely the need for better training. We see the need for it all the time when we see breaches happening that should never have happened. Sure, there are going to be those that happen because someone found a serious 0-day and slipped in before anyone knew it was a problem. But most of the time, probably closer to 99% of the time, these things happen not because of a new attack but because the existing infrastructure wasn’t protected properly against current attacks.