Je viens de trouver un article intéressant sur les tests de pénétration faits sur les passerelles VPN

This article discusses a methodology to assess the security posture of an organization's Ipsec based VPN architecture. The first part of the article looks at the components of IPSec based VPNs, which use client software to connect to the VPN server as opposed to SSL based VPNs, which only use a browser. The second step describes a penetration test of the VPN setup, and then finally a review of the architecture and system configuration is suggested. A comprehensive VPN assessment must account for all possible attack vectors for it to be a useful gauge of security posture…

La suite sur : http://www.securityfocus.com/infocus/1821?ref=rss