Leonardo Rodrigues Magalhães escreveu:
If your VPN is for remote users, i'll suppose you're running
OpenVPN in TLS mode, creating digital certificates for each users, etc
etc. Maybe you have some authentication schema as well, but i'll
suppose you DO have digital certificates for EACH user. In that case,
you should notice that a bruteforce attack for establishing the VPN is
MUCH harder than a simple attack on username/password like SSH ones.
Even if you have some authentication schema for establishing the VPN,
you should remember that authentication occurs AFTER the data channel
has beng secured. Nobody would be able to bruteforce username/password
before establishing the TLS channel. And that would be simple. In
fact, bruteforcing that is supposed to be VERY VERY difficult.
i forgot one word .... where i wrote ' ... nobody would be able to
bruteforce username/password before establishing the TLS channel. And
that would be simple. .... ' you should read '... before establishing
the TLS channel. And that, establish the TLS channel, would NOT be simple'.
Atenciosamente / Sincerily,
Minha armadilha de SPAM, NÃO mandem email
My SPAMTRAP, do not email it
Description: S/MIME Cryptographic Signature