[c-nsp] Cisco ASA and ipads

Christopher J. Pilkington cjp at 0x1.net
Mon Jan 30 00:09:29 EST 2012


On Jan 29, 2012, at 22:49, "Dobbins, Roland" <rdobbins at arbor.net> wrote:

> It can be argued that the iPad is at least superficially more secure than general-purpose computers.  If I were to differentiate access policies between iPads and general-purpose computers (which I can't imagine having a need to do), I'd be inclined to give the iPads *more* privileges than the general-purpose computers, not less.

I'd tend to agree, pointing out that any computing device one does not
administer should be treated with suspicion.

The original poster suggested a user could export the certificate
(I'll assume he means private key) and install it on their iPad. The
user being able to do the export is the root of the problem. If you're
allowing keys to be exported, you should assume that key is always
installed on an untrusted device.

Either control your VPN end points, or don't. Just make sure you know
the implications either way.

-cjp


