Educause Security Discussion mailing list archives

Re: Slow Cisco Vpn performance!


From: Michael Sana <msana () HPU EDU>
Date: Wed, 26 Sep 2007 09:28:18 -1000

Aloha Christian,

 

Although we are not experiencing that problem, you may want to consider upgrading your Cisco VPN client to version 5.  
Cisco recently released a security advisory regarding local privilege escalation vulnerabilities in older versions.   
Although in your situation the users actually own the machines (and probably have local admin rights), you may have 
some users with university-owned equipment that don't have privileged access.  We took things a step further by setting 
our configuration to only allow access with the newest designated VPN client to prevent users with older versions from 
logging in.

 

Here is a summary of the advisory:

Summary 

Two vulnerabilities exist in the Cisco VPN Client for Microsoft Windows that may allow unprivileged users to elevate 
their privileges to those of the LocalSystem account. 

A workaround exists for one of the two vulnerabilities disclosed in this advisory. 

Cisco has made free software available to address these vulnerabilities for affected customers. 

The actual advisory can be found here:

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml#summary

 

Hope this helps...

 

mike.sana.

From: Christian Héroux [mailto:Christian.Heroux () ETSMTL CA] 
Sent: Wednesday, September 26, 2007 7:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Slow Cisco Vpn performance!

 

Hello !

 

            We use Cisco VPN concentrator and most employees use the VPN with their own PC at home.  This might be a 
security risk and also a situation much harder to support, but we mitigate the risk by limiting the VPN access to some 
ports and inspecting traffic with IPS. Some users have reported very slow performance only when using university 
resources through the VPN.  All the tests point to the Cisco VPN client 4.8 we use on Windows XP. The only way to 
improve speed was to optimize the Windows XP TCP/IP stack with http://www.speedguide.net/files/TCPOptimizer.exe on the 
user's PC. 

 

            This doesn't seem to be an MTU-related issue since we varied this parameter during tests with the user who was 
having the problem. 

 

            Let me know offline if you have had that kind of complaint from users.

 

Christian Héroux 

B.Eng. ÉTS, M.Eng. Poly, MBA student HEC, Jr. Eng.

 

IT Analyst 

(Network Security & Telecom)

Systems, Infrastructure and Telecommunications Section

École de Technologie Supérieure

1100 rue Notre-Dame ouest

Montréal, Québec

H3C 1K3

Tel: 396-8800 (7863)

 

 "Network design is 50 percent technology, 50 percent diplomacy, 50 percent magic"

 

 
