[c-nsp] What does SSL VPN Devices offer?
Joseph Jackson
JJackson at aninetworks.com
Mon Feb 20 07:36:32 EST 2006
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> A.L.M.Buxey at lboro.ac.uk
> Sent: Monday, February 20, 2006 2:22 AM
> To: Tim Franklin
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] What does SSL VPN Devices offer?
>
> Hi,
>
> > If it's a random Internet-café PC, do you really trust that
> there's no
> > keylogger already installed? Regardless of how secure the network
> > connection has become, it doesn't help if you're sniffing at source.
>
> this is where one-time passwords are required. supplied via
> either a keyfob system (RSA style) or , for example, an SMS message.
>
> > The big win for SSL VPN, as far as I can see from investigation so
> > far, is that it gets you round the numerous ISPs and corporate
> > networks you might be visiting who block some combination
> of ESP, AH
> > and ISAKMP. The former in an
>
> yep. thats the big one.
>
> alan
I don't think I would allow our users to VPN from a internet café reguardless if they had a secureID key
or got and sms messgae. If they need to be able to connect from any where they need to have a laptop with
a cell card in it. We do not allow users to VPN from their personal machines even. If they need to vpn the company
gives them a machine.
More information about the cisco-nsp
mailing list