Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: SSL VPNs and security
From: Q-Ball <qballus () gmail com>
Date: Wed, 14 Jun 2006 11:00:56 +1000

Sure traffic can be filtered, but the point is that the layer 7 connection
is terminated at the network perimiter rather than the internatl network
which is typically much less protected.

On 6/14/06, Ray P <sixsigma98 () hotmail com> wrote:

Why do I keep reading that "IPSec provides full network connectivity"? SC
Magazine just repeated this nonsense.

It only does that if you have it configured that way. Even Microsoft's
PPTP
& L2TP "free" stuff can be limited. And you can configure an SSL VPN to do
likewise.

Ray

>From: Q-Ball <qballus () gmail com>
>To: Tim <tim-security () sentinelchicken org>
>CC: full-disclosure () lists grok org uk
>Subject: Re: [Full-disclosure] SSL VPNs and security
>Date: Tue, 13 Jun 2006 15:13:45 +1000
>
>SSL VPNs have their legitimate place as does IPSec. Personally, I'd
rather
>that travelling exec's who need to log on from a public Internet
terminal,
>dont have full IP connectivity into the network, but maybe that's just
me.
>
>Q-Ball
>
>On 6/10/06, Tim <tim-security () sentinelchicken org> wrote:
>>
>> > That depends on whether the solution tries to solve single-sign-on
>> > problems as well.  If the vendor is trying to handle SSO in such an
>> > environment, then they are probably using domain cookies.  The
>> > problems are exactly the same as the ones Michal listed, plus some
>> > additional ones specific to domain cookies.
>>
>>Right, that does make it difficult.  There's probably work arounds, but
>>they may be browser-specific.  Wildcard cookies, cookies set to other
>>origins, or somehow setting document.domain back to the base domain
>>after the initial page load might help, but some would probably present
>>the same problem.
>>
>>The web was never designed for complex application development.  At
>>least, web standards aren't.  Use a real VPN.
>>
>>cheers,
>>tim
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>


>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault