Does using a VPN completely stop MITM (man in the middle) attacks? If not, what other defences should I consider?

Question

Just for added context, I am curious about connecting to a remote desktop using a VPN but if there are any major differences that can be highlighted for other services I would be interested in that too.

Answer 1

Assuming that you have a properly configured and behaving VPN client, using a VPN will prevent MiTM attacks from occurring between your computer and the VPN server. There is still a chance of a MiTM attack occurring between the VPN server and the desktop you are connecting to.

Assuming that the both the VPN and desktop are inside your company's private network, connecting to the desktop via VPN is as secure as connecting via any other network connection inside your company's network. Likewise, if the VPN and desktop are not within a private network, then the connection is open to MiTM attacks on the public internet.

Answer 2

Not necessarily. It depends upon the VPN configuration and the security settings on the client and the server. For expand, if the network is secured by Diffie Hellman, than someone can engage in a MITM attack. If the VPN is secured by an RSA certificate, then it depends on the nature of the channel. If the client has been provisioned with the server's public key via a signed certificate and uses that cert (it doesn't rely on a 3rd party CA), then it is secure to the extent that you've used a large prime (2048, for example). If the client has a basket of root certificates and the server sends its cert over during VPN session setup, then it is possible to be attacked in the middle.

Is DH insecure? Not necessarily. However, one needs to be careful how these things are deployed. Is RSS secure? Again, depends upon usage.

Options:

For RSA, provision the client side of the VPN with the server certificate and don't rely on CAs. This means the server cert may be self signed.

For Diffie Hellman, change the group and use a large group. What does that mean? Use a large (1024 or 2048) Safe Prime (p=2q+1, where p & q are prime) and a g (generator) that is good for the group. Find some software that generates these for you. Don't do it on your own. Don't reuse common DH parameters from the world: IETF or given to you by a vendor. That's how NSA has broken so many protocols through passive means.