Comments on: SSL VPN Remote Access is Convenient but Not Secure

By: draytek help » DrayTek VPN session types

draytek help » DrayTek VPN session types — Fri, 26 Mar 2010 09:25:58 +0000

[...] Russian Roulette & SSL VPN Remote Access Telework [...]

By: Gary Arctic

Gary Arctic — Fri, 26 Feb 2010 00:22:32 +0000

I agree with what he was saying just not as direct

By: Eirik Iverson, Product Management

Eirik Iverson, Product Management — Mon, 02 Nov 2009 21:16:21 +0000

The concern regarding SSL VPN has more to do with the lack of security of the endpoint and the web browser than the cryptography of SSL VPN. Once an SSL VPN tunnel is established, typically using AES 256 and SHA-1 for encryption and data integrity, there’s a fairly robust tunnel. One can take issue with the key exchange process and the dependence of end-users to recognize a man-in-the-middle attack.

Also, I wouldn’t fault SSL VPN for significant connectivity issues. Yes, some applications such as VoIP or other network/data layer protocol intensive activities can be problematic. But, these applications do not represent the majority of SSL VPN use in my humble opinion. And, I believe many SSL VPN vendors offer IPSec plug-ins, for web browsers, when there’s a need to overcome such issues.

The very convenience of SSL VPN underscores one of its fundamental weaknesses. As ANY PC can be used, then even the most malware infested PC can be used, which could leak any information that passes through the PC. In contrast, an IPSec VPN tends to be limited to PC’s that are managed by an organization. Such PCs tend to be considerably less likely to be malware infested.

Consider Banking Trojans stealing money from organizations, the newer, sophisticated ones are usually discovered after someone notices fraudulent transfers, after-the-fact. At that point, someone, frequently a forensics technician, conducts a thorough examination of the endpoints, and finds the Trojans. The existing anti-virus/spyware had not. Now, tie this back to SSL VPN remote access. What corresponding indicator would let an organization know that sensitive information is leaking from the organization? In other words, how would one ’see’ problems with SSL VPN in the context of data leakage?

By: Ian

Ian — Fri, 30 Oct 2009 16:12:27 +0000

I actually like SSL VPN Remote Access Software. I find that it gives me a flexible and secure way to extend networking resources to virtually any remote user with access to the Internet and a web browser. Remote access based on SSL VPN delivers for me a secure access to network resources by establishing an encrypted tunnel across the Internet using a broadband connection. I don’t think I have had any trouble with my SSL VPN as of yet. If someone can tell me their problems, maybe I can help fix them.

By: Configuring a Site-to-site Vpn Between Two Cisco Routers | Intro to Business BroadBand

Tue, 06 Oct 2009 16:27:26 +0000

[...] ssl vpn remote access is convenient but not secure [...]

By: Secure Remote Access To Your PC. | 7Wins.eu

Secure Remote Access To Your PC. | 7Wins.eu — Wed, 30 Sep 2009 17:31:42 +0000

[...] Secure Remote Access to Your Mac using SSH – Part 1 Mac 101 | Mac 101Russian Roulette & SSL VPN Remote Access Telework [...]

By: Is Jimi Hendrix The Worlds Greatest Guitar Player and Composer? | Guitaroholic

Fri, 25 Sep 2009 12:41:02 +0000

[...] Russian Roulette & SSL VPN Remote Access Telework [...]

By: COMPUTERS - Are You Using the Right Key For VPN Encryption? - Soft Smooth Readings

Fri, 25 Sep 2009 11:13:50 +0000

[...] Russian Roulette & SSL VPN Remote Access Telework [...]

By: SSL VPN Remote Access is Convenient but Not Secure 3rd sense

SSL VPN Remote Access is Convenient but Not Secure 3rd sense — Fri, 18 Sep 2009 20:17:33 +0000

[...] View original post here: SSL VPN Remote Access is Convenient but Not Secure [...]