Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: SSL VPNs and security
From: Tim <tim-security () sentinelchicken org>
Date: Fri, 9 Jun 2006 10:05:51 -0400

Hello MZ,

I think SSL VPNs are a pretty lame idea in the first place, but for the
specific problem you bring up, would the following design work around
this?

Set up a wildcard record, *.webvpn.example.org, pointing to the device.
The device then maps all internal domain names or IP addresses to a
unique hostname, such as:  internalhost.webvpn.example.org, or
192-168-0-1.webvpn.example.org, etc.

Wouldn't this properly segment different internal sites, such that an
XSS in one wouldn't impact the other?  If so, pay attention all SSL VPN
vendors: it is your free idea for the week.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]