[c-nsp] What does SSL VPN Devices offer?

Joseph Jackson JJackson at aninetworks.com
Mon Feb 20 07:36:32 EST 2006


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of 
> A.L.M.Buxey at lboro.ac.uk
> Sent: Monday, February 20, 2006 2:22 AM
> To: Tim Franklin
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] What does SSL VPN Devices offer?
> Hi,
> > If it's a random Internet-café PC, do you really trust that 
> there's no 
> > keylogger already installed?  Regardless of how secure the network 
> > connection has become, it doesn't help if you're sniffing at source.
> this is where one-time passwords are required. supplied via 
> either a keyfob system (RSA style) or , for example, an SMS message. 
> > The big win for SSL VPN, as far as I can see from investigation so 
> > far, is that it gets you round the numerous ISPs and corporate 
> > networks you might be visiting who block some combination 
> of ESP, AH 
> > and ISAKMP.  The former in an
> yep. thats the big one.
> alan

I don't think I would allow our users to VPN from a internet café reguardless if they had a secureID key 
or got and sms messgae.  If they need to be able to connect from any where they need to have a laptop with 
a cell card in it. We do not allow users to VPN from their personal machines even. If they need to vpn the company
gives them a machine. 

More information about the cisco-nsp mailing list