Question about Aggressive Mode with Pre-Shared Key
A friend of mine is applying for a small business loan and they had to agree to a cybersecurity audit. It's really nothing more than an external pentest from an online provider. One of the dings that came back was that they use a VPN that supports IKE, aggressive mode with a Pre-Shared key. I took a look at his setup and the results are accurate. It was a lower risk (2 out of 5) on the pentest scale, and I don't think they will make much of it, but I would like to know more about the actual risk here. The firewall is also setup to require a username and password after the pre-shared key and each user has a unique username/password. Does having this additional auth reduce the risk significantly? Is it meaningful to respond and acknowledge that while it's true, the VPN requires the username/password or is this a case where the result of the exploitation would circumvent that additional auth?
At Cyber Info, we strive to empower every individual with easy access to cybersecurity education
183,284Members
Resources
Similar Threads
Was this page helpful?
