lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4489954E.4080800@csuohio.edu>
Date: Fri Jun  9 16:35:56 2006
From: michael.holstein at csuohio.edu (Michael Holstein)
Subject: SSL VPNs and security

> SSL certificates are free.  You just have to have enough knowledge to
> distribute your own CA certificate.  For a VPN appliance, this should
> not be a problem at all, since only your trusted users should be
> accessing it. Even if you aren't competent enough to figure out how to
> distribute your own CA certificate, I believe there are such things as
> wildcard certificates.

Great .. setup a SSL vpn, then tell your users it's okay to click "yes" 
on the "untrusted certificate" popup.

Sure, it's trivial to create self-signed certs (or run a CA), but 
distributing your cert (or the CA cert) to all but a handful of clients 
is a logistical nightmare.

If you're going to be installing stuff, might as well make that a 
IKE/IPSEC client and do it the right way to begin with.

/mike.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ