The realities and challenges of open wireless technologies lead to many interesting solutions. The emergence of Wired Equivalent Privacy (WEP) encryption offered an early form of protection. The integrity of this solution slowly dissipated as security analysts found vulnerabilities, and crackers began breaking the encryption. The weakness in this encryption mechanism gave rise to the Wi-Fi Protected Access (WPA) solution and later, 802.11. Now WPA faces some security scrutiny, as analysts start uncovering issues. Some speculate these issues will result in the fall of WPA. So with WPA on shaky ground, we chose to seek other solutions. While 802.1x technologies hold promise, this solution requires significant infrastructure to deploy. Furthermore, deploying this technology to old operating systems comes with some challenges.
Facing the encryption challenge requires patience and ingenuity. Many creative users turn to VPN technology to provide a higher level of protection. These encryption tunnels act as a cryptographic highway, protecting wireless traffic from outsiders trying to intercept the flow. The movement toward VPN technologies helps users enjoy the wonders of wireless. For our wireless VPN, we chose PPTP. While the PPTP protocol comes with issues, many of the security findings have been repaired.
Figure 3.8 Enhanced ToS Page with the SoCalFreeNet Logo
For the issue surrounding password guessing attacks, we’ll use long, complex passwords to mitigate much of this risk. While PPTP still presents some risk, we felt our solution offered a marked improvement over sending information across the community network in cleartext. Clearly, every wireless project must select the encryption tools that give them comfort. Many of our nodes do not use encryption at all and prefer an “open” approach. While this is considered less secure, it is easier to deploy and support. As with all security decisions, you must use judgment to balance between security needs and usability.
NOTE… EARLY WOES OF PPTP
In 1998, the famous security analysts Schneier and Mudge released a pivotal paper (www.schneier.com/pptp.html) on weaknesses in Microsoft’s PPTP implementation. Microsoft fixed many of these issues with subsequent releases (fixes require the DUN 1.3 upgrade); however, the password guessing threat still applies. Using complex passwords longer than 14 characters helps mitigate much of the risk from password guessing attacks.
Preparing for the Hack
Once we’ve gained some comfort from our VPN solution, we can jump into its implementation.
Preparing for this hack follows the same requirements as discussed in the captive portal hack. Make sure to install your m0n0wall software, configure the ports, and test all connectivity. This helps ensure that we focus on the VPN configuration rather than addressing other configuration issues.
WARNING: HARDWARE HARM
While our PPTP tunnel provides protection for users smart enough to use the tunnel, our network still allows users to connect using cleartext. Since many wireless users lack the security knowledge to understand the dangers of cleartext communications, we must actively educate users about good security habits and enforce their use.
Performing the Hack: Enabling the VPN
Configuration consists of two major phases. The first phase focuses on setting up the m0n0wall device, while the second focuses on configuring a client. Fortunately, the client comes embedded in many versions of Windows, including Windows 95, NT, 2000, XP, and higher versions.
On the server side, m0n0wall version 1.1 supports IPSec and PPTP tunnels. Setting up PPTP involves the following easy steps in m0n0wall’s Web interface:
1. Select the VPN | PPTP option from the left menu bar. Notice both the Configuration tab and the Users tab near the top of the page. We will use both of these during this configuration.
2. In the Configuration tab, select the Enable PPTP server radio button.
3. In the Server Address box specify the IP address for the PPTP server. This is the IP address of the m0n0wall that clients will use once their VPN tunnels get connected. In our example, the server’s address is set to 10.13.37.2. This IP address is simply one IP above our default gateway address on the LAN side. Remember to choose an address that falls outside the DHCP range you specified on the Services | DHCP menu.
4. Enter a network address in the Remote address range field. If you’re unfamiliar with subnetting and how to choose an appropriate /28 network address, I recommend using a zero in the last octet. Our example uses the 192.168.13.0 range.
5. Optionally, you can select to enforce 128-bit encryption. We recommend using this unless you run into some conflict with a user.
6. Click the Save button at the bottom. We will get a message back at the top stating “The changes have been applied successfully.” See Figure 3.9 for the final result. We now have a running PPTP server on the m0n0wall, and simply need to add some user accounts.
7. While still at the VPN | PPTP menu option, click the Users tab toward the top of the screen.
8. Select the plus-shaped icon on the right side of the screen and a new user screen will appear. Figure 3.10 shows the new user screen.
Figure 3.9 VPN:PPTP Configuration
9. In the Username field enter the desired logon ID. In our example, we will use CommunityUser1.
10. For the Password field, enter a long and complex password twice. By long and complex, we mean use numbers, upper- and lowercase alpha characters, and special characters (like &).
One handy memorization technique uses the first letter from each word of a song. For example (please don’t use this example in your environment) “Mary Had A Little Lamb, A Little Lamb, And Its Fleece Was White As Snow…” would equate to a password of 2MhallAllAifwwas2. We added the number 2 onto the front and back to increase the complexity.
NEED TO KNOW… M0N0WALL PASSWORDS
At publication of this book, m0n0wall did not support special characters (~!@$%^&*...). If a later version of m0n0wall supports this feature, we highly recommend using special characters. This increases the difficulty of password attacks exponentially.
11. In the IP address field, enter the IP this user will always get. We highly recommend using this option, since this will give us direct traceability from our logs to this PPTP user. This IP address must fall within the range we specified in the Remote Address Range on the first tab (192.168.13.0/28). In our example, we chose the first IP in this range (192.168.13.1).
12. For these changes to take effect we must click the Apply changes button at the top. Notice this will break all users currently connected through the PPTP VPN. Since we are setting our VPN up for the first time, this shouldn’t be an issue. Once again, a message will appear at the top of the screen informing us that our changes have been applied. Figure 3.11 shows the final results.
Figure 3.10 The New User Screen
13. The final step on the m0n0wall configuration requires us to make a firewall rule to allow PPTP traffic to flow. Click the Firewall | Rules menu on the left. A configuration menu will appear with one rule already established on the LAN interface.
14. Once again, select the plus icon on the far right section of the configuration screen. There are a number of other icons here, including an e for edit and an x for delete, as well as arrows for moving rules up and down. m0n0wall processes firewall rules from top to bottom. Figure 3.12 shows this new rule screen.
15. A new firewall rule screen will appear. In this screen, leave the Action field populated with Pass.
Figure 3.11 The Final Results
Figure 3.12 The New Rule Screen
16. Select the PPTP option from the Interface drop-down box.
17. Under the Protocol drop-down box, select the TCP/UDP option.
18. You can leave the rest of the fields to their defaults or modify them to fit your environment.
In the Description field, enter a description of this rule. We use “PPTP clients -> internet” to remind ourselves of the role this rule fulfills.
19. Click the Save button at the bottom of the screen. This will bring you back to the Firewall | Rules menu, which will display your new rule under a section called PPTP clients.
20. Once again, we must click the Apply Changes button to put the new rule into effect. A message will appear confirming the changes have taken effect. Figure 3.13 shows the final results.
With our server fully configured, we are ready to move onto setting up the PPTP client on our community user’s system.
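The server-side steps above impose a handful of addressing constraints (server address outside the DHCP pool and distinct from the gateway, a /28 remote range given by its network address, and one unique static IP per user inside that range, so a tunnel IP in the firewall log maps back to exactly one user). The following script is an added example, not code from the book or from the m0n0wall project, that checks a plan against those constraints before it is typed into the Web interface. The DHCP pool bounds are constructed sample values; the book only says the server address must lie outside the pool.

```python
"""Validate a m0n0wall PPTP address plan (added example; assumptions noted inline)."""
import ipaddress

# Constructed sample plan following the walkthrough. The DHCP pool bounds are
# an assumption; the other values are the book's own example addresses.
PLAN = {
    "lan_gateway": "10.13.37.1",
    "server_addr": "10.13.37.2",
    "dhcp_pool": ("10.13.37.100", "10.13.37.199"),
    "remote_range": "192.168.13.0/28",
    "users": {"CommunityUser1": "192.168.13.1"},
}


def check_pptp_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    gw = ipaddress.ip_address(plan["lan_gateway"])
    server = ipaddress.ip_address(plan["server_addr"])
    lo, hi = (ipaddress.ip_address(a) for a in plan["dhcp_pool"])
    net = ipaddress.ip_network(plan["remote_range"], strict=False)
    given_base = ipaddress.ip_address(plan["remote_range"].split("/")[0])

    # Step 3: the PPTP server address must not be handed out by DHCP
    # and must not collide with the LAN gateway.
    if lo <= server <= hi:
        problems.append(f"server {server} lies inside the DHCP pool {lo}-{hi}")
    if server == gw:
        problems.append(f"server {server} collides with the LAN gateway")

    # Step 4: the remote range is entered as a network address (zero in the
    # last octet for a /28 starting on a boundary) and sized as a /28.
    if given_base != net.network_address:
        problems.append(
            f"{given_base} is not the network address of {net}; "
            f"use {net.network_address}"
        )
    if net.prefixlen != 28:
        problems.append(f"remote range {net} is a /{net.prefixlen}, not the /28 the walkthrough uses")

    # Step 11: every static user IP is inside the range, is a host address
    # (excluding network and broadcast addresses is a conservative assumption),
    # and is unique so that logs trace back to exactly one user.
    seen = {}
    for user, ip_s in plan["users"].items():
        ip = ipaddress.ip_address(ip_s)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{user}: {ip} is not a usable host address in {net}")
        elif ip in seen:
            problems.append(f"{user}: {ip} is already assigned to {seen[ip]}")
        seen[ip] = user
    if len(plan["users"]) > net.num_addresses - 2:
        problems.append(f"{len(plan['users'])} users will not fit in {net}")
    return problems


def user_for_tunnel_ip(plan, ip_s):
    """Reverse lookup for log review: which user owns this tunnel address?"""
    target = ipaddress.ip_address(ip_s)
    for user, assigned in plan["users"].items():
        if ipaddress.ip_address(assigned) == target:
            return user
    return None


if __name__ == "__main__":
    for p in check_pptp_plan(PLAN) or ["plan is consistent"]:
        print(p)
    print(user_for_tunnel_ip(PLAN, "192.168.13.1"))
```

Run it once per change to the Users tab; a non-empty result means the Web UI would either reject the entry or silently produce a user whose traffic cannot be attributed from the firewall log.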
NOTE… PASSWORD SECURITY
Choosing poor passwords can lead to the compromised security of your VPN. End users often dislike complex passwords. Try to be inventive in choosing passwords that the user can remember and still make good security sense.
Figure 3.13 Firewall Rules, Final Results
Configuring Our Community Users
On the user’s side, we will leverage the PPTP client already built into Windows. Our example will use Windows XP to demonstrate the setup. The configuration is similar between all versions, from Windows 95 up to the most recent version.
1. Click Start | Network Connections. As seen in Figure 3.14, the Network Connections window will appear with your current network adapters already visible.
2. Click the Create a new connection link on the upper-left side of the window. As seen in Figure 3.15, the New Connection Wizard will appear.
Figure 3.14 Clicking the Start | Network Connections Screen
Figure 3.15 The New Connection Wizard Welcome Screen
3. Click the Next > button, and the Network Connection Type dialog will appear. As seen in Figure 3.16, select the Connect to the network at my workplace radio button.
4. Clicking the Next > button brings up the Network Connection screen. As seen in Figure 3.17, select the Virtual Private Network connection option.
5. Clicking the Next > button brings up the Company Name prompt. Enter a description for your PPTP connection here. As seen in Figure 3.18, we entered PPTP to Community Wireless.
Figure 3.16 Selecting the Connect To The Network At My Workplace radio button
Figure 3.17 Selecting the Virtual Private Network Connection option
6. Clicking the Next > button may bring up an Automatic Dial dialog. If this occurs, select the Do not dial the initial connection option.
7. Clicking the Next > button brings up the Server Name or Address dialog. As seen in Figure 3.19, we entered the IP address of our m0n0wall. This is the address of the LAN interface on the m0n0wall. In our example, we used 10.13.37.1. (This address can be found in our m0n0wall by clicking the Interfaces | LAN menu item from the m0n0wall Web configuration.)
Figure 3.18 Description Entered for PPTP Connection
Figure 3.19 Entering the IP Address of Our m0n0wall
8. Clicking the Next > button brings up the Create this connection for: dialog. If we want all users to use this connection, select Anyone’s use; otherwise, select the My use only option. This is largely left to the discretion of the community member using the PPTP connection.
9. Clicking the Next > button brings up the Completing the New Connection Wizard. Optionally, we can add a shortcut to the desktop.
10. Clicking the Finish button brings up a PPTP authentication box, as seen in Figure 3.20. To test our settings, enter the username we specified in the previous m0n0wall configuration.
11. Clicking the Connect button brings up the Connecting dialog, as seen in Figure 3.21.
12. If we configured everything correctly, we will get a dialog box telling us we are registering
Figure 3.20 The PPTP Authentication Box
Figure 3.21 The Connecting Dialog Box