Today, we're excited to announce the public launch of VPN Hunter!
VPN Hunter is a service that discovers and classifies the VPNs and other remote access services of any organization. Given only an organization's domain name (eg. msu.edu), VPN Hunter can find a wide range of remote access services associated with that organization, such as:
- SSL VPNs: VPN Hunter will seek out SSL VPNs from vendors including Juniper, Cisco, Palo Alto, Citrix, Fortinet, F5, SonicWALL, Barracuda, Microsoft, and Array.
- Remote Access: VPN Hunter will also discover other remote access services including IPsec, PPTP, OpenVPN, RDP, and SSH.
- Email Portals: VPN Hunter will find a handful of web-based email portals including Outlook Web App, Gmail, and Zimbra.
- Generic Login Sites: VPN Hunter can also discover in-house web apps and other generic login sites that aren't tied to a particular third-party vendor or product.
It's no coincidence that VPN Hunter is able to discover many of the remote access services supported by Duo's two-factor platform. Given that remote services must be exposed to the public Internet inherently, it's vital that they be protected with strong authentication. Having a simple username and password (that is easily guessed, phished, or otherwise stolen) as the only barrier between the Internet and your internal corporate network is far from ideal and borderline negligent.
While VPN Hunter's underlying techniques aren't particularly sophisticated, we hope it will raise awareness of how exposed many organizations' services are to the public Internet. Keep in mind that the automated capabilities of VPN Hunter are a tiny fraction of the reconnaissance effort that a determined attacker would put into "casing" your organization.
With the pleasantries out of the way, feel free to go try out VPN Hunter on your own at www.vpnhunter.com or check out one of the following example results:
If you have any suggestions, comments, or questions about VPN Hunter, feel free to leave them in the comments below. And if you have a VPN to protect, be sure to sign up for a free trial of Duo two-factor!