Attacking a Virtual Private Network
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
A properly configured virtual private network that uses IPSec and adheres very closely to best
practices, such as strong authentication, network segmentation, device validation, and posture
assessment, is very formidable and protects all types of information in transit from one location
to the other. In this lab, you learned how to use social engineering techniques to unlock the
secrets of a targeted individual or organization by attacking its virtual private network. You also
researched e-mail scams and used social engineering to create a believable spam e-mail to solicit
funds for a fictitious fundraising opportunity.
Lab Assessment Questions & Answers
1. What is the darknet?
A. An Internet for non-English-speaking people
B. The criminal side of the Internet
C. An Internet just for law enforcement
D. The old IPv4 Internet, which is being retired as IPv6 takes over
E. None of the above
2. What e-mail protocol does Marina and Rita’s Cupcakes use, and why is it important?
3. Text in an e-mail must match the URL to which it links: true or false?
4. Instead of relying just on a user ID and password system, VPN access can be protected by
tokens like SecurID and other ____________ methods.
5. In many instances an IP address is used to access a server rather than a URL because a URL is
more difficult to set up and easier to track: true or false?
6. A well-designed malicious e-mail campaign can expect ____________ number of responses, or
click-throughs, as a legitimate commercial e-mail campaign.
A. a smaller
B. a greater
C. about the same
7. Were Charlie Roberts and Susan Dougherty known to each other, and did they have a trust
relationship that could be exploited?
8. Which of the following steps can make VPN access more secure?
A. Assure Perfect Forward Secrecy during IKE key exchange
B. Allow access only from specific MAC addresses
C. Allow access only from specific MAC/IP address pairs
D. Use foreign words as passwords
E. Change password letters to numbers, such as all Ls to 7s and all Os to 0s