[olug] SSL VPN Vulnerabilities?
Rob Townley
rob.townley at gmail.com
Thu May 19 20:14:22 UTC 2005
Thanks for pointing that out. I was not referring to openvpn, but
vpns and security in general. The article i read on nwfusion.com
would lead one to believe a web browser is commonly used.
But still,
On 5/19/05, Jim <jameso at elwood.net> wrote:
> The SSL VPN tools I know of, like OpenVPN, are completely separate
> from your web browser.
>
> http://openvpn.net/howto.html
>
> I would read the docs again, as it sounds like you missed some of the
> basics of the program.
>
> I highly recommend OpenVPN. It is not *better* then IPsec, but it
> fits some needs. It is very easy to set up different VPNs between
> different Operating systems. It is not without its problems as well,
> but in some cases it is a better choice then std IPsec.
>
> Jim
>
> On May 19, 2005, at 10:04 AM, Rob Townley wrote:
>
> > I have just been reading about how much easier SSL vpns are to
> > maintain and get working from anywhere through a firewall. I am a
> > skeptic. If your browser is hijacked (or maybe you have a keystroke
> > logger), isn't it possible that when the end user types in their
> > password, they are unknowningly giving a copy of the key away? Or is
> > an SSL vpn capable of doing a network quarantine such as check for
> > latest virus signatures, firewall, and security updates before the end
> > user is prompted to type in a password?
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> >
> >
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list