Message-ID: <BAY101-F372F049324E20BF3FE23C6DD8C0@phx.gbl>
Date: Wed Jun 14 00:49:12 2006
From: sixsigma98 at hotmail.com (Ray P)
Subject: SSL VPNs and security
Why do I keep reading that "IPSec provides full network connectivity"? SC
Magazine just repeated this nonsense.
It only does that if you have it configured that way. Even Microsoft's PPTP
& L2TP "free" stuff can be limited. And you can configure an SSL VPN to do
likewise.
Ray
>From: Q-Ball <qballus@...il.com>
>To: Tim <tim-security@...tinelchicken.org>
>CC: full-disclosure@...ts.grok.org.uk
>Subject: Re: [Full-disclosure] SSL VPNs and security
>Date: Tue, 13 Jun 2006 15:13:45 +1000
>
>SSL VPNs have their legitimate place as does IPSec. Personally, I'd rather
>that travelling execs who need to log on from a public Internet terminal,
>don't have full IP connectivity into the network, but maybe that's just me.
>
>Q-Ball
>
>On 6/10/06, Tim <tim-security@...tinelchicken.org> wrote:
>>
>> > That depends on whether the solution tries to solve single-sign-on
>> > problems as well. If the vendor is trying to handle SSO in such an
>> > environment, then they are probably using domain cookies. The
>> > problems are exactly the same as the ones Michal listed, plus some
>> > additional ones specific to domain cookies.
>>
>>Right, that does make it difficult. There are probably workarounds, but
>>they may be browser-specific. Wildcard cookies, cookies set to other
>>origins, or somehow setting document.domain back to the base domain
>>after the initial page load might help, but some would probably present
>>the same problem.
>>
>>The web was never designed for complex application development. At
>>least, web standards aren't. Use a real VPN.
>>
>>cheers,
>>tim
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>