lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Jun 9 15:06:01 2006 From: tim-security at sentinelchicken.org (Tim) Subject: SSL VPNs and security Hello MZ, I think SSL VPNs are a pretty lame idea in the first place, but for the specific problem you bring up, would the following design work around this? Set up a wildcard record, *.webvpn.example.org, pointing to the device. The device then maps all internal domain names or IP addresses to a unique hostname, such as: internalhost.webvpn.example.org, or 192-168-0-1.webvpn.example.org, etc. Wouldn't this properly segment different internal sites, such that an XSS in one wouldn't impact the other? If so, pay attention all SSL VPN vendors: it is your free idea for the week. tim
Powered by blists - more mailing lists