Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Deploying SSL-based VPNs

From: "Beauford, Jason" <jbeauford () EightInOnePet com>
Date: Mon, 3 Apr 2006 14:42:50 -0400
Not true.  SSL-VPN's can deliver content via a web browser w/o the
installation of any client software (other than web browser).  The
problem here is that we need to identify what it means to deliver
content.  In the case of a pure SSL-VPN via Web browser, I mean it can
give a directory listing via published share directories on the internal
lan.  All of the rewriting is done by the appliance / software on the
backend.  It pushes the data through the web browser.

For things like Remote Desktop or IPSEC clients via SSL-VPN, then you're
correct as you'll need to install an active-x or java client of some
sorts.

JMB 

        |  -----Original Message-----
        |  From: Saqib Ali [mailto:docbook.xml () gmail com] 
        |  Sent: Friday, March 31, 2006 8:49 PM
        |  To: Alice Bryson; bitshield () gmail com; 
        |  miguel.dilaj () oissg org; Ian.Hayes () wynnlasvegas com; 
        |  chammett () dpsolutions com; Beauford, Jason
        |  Cc: security-basics () securityfocus com
        |  Subject: Re: Deploying SSL-based VPNs
        |  
        |  On 3/30/06, Alice Bryson <abryson () bytefocus com> wrote:
        |  > ipsec vpn need a
        |  > client application which not suitable for a mobile 
        |  pc or net bar pc.
        |  > ssl vpn donot need install client application.
        |  
        |  Can you please clarify this stmt. As far as a I know 
        |  all SSH / SSL based VPN solutions need a client, 
        |  whether it be a fat client, or a Active X  client or 
        |  a Java application / applet d/l .
        |  
        |  All SSL/SSH based VPNs do, is create a tunnel. And 
        |  to create this tunnel they need to install some kind 
        |  of application on the client. A browser by itself 
        |  can not create this tunnel. Atleast not yet. Maybe 
        |  when MS want to take over the SSL VPN market, they 
        |  will include that functionality in their web bruisers.
        |  
        |  
        |  --
        |  Saqib Ali, CISSP
        |  Support http://www.capital-punishment.net
        |  -----------
        |  "I fear, if I rebel against my Lord, the retribution 
        |  of an Awful Day (The Day of Resurrection)" Al-Quran 6:15
        |  -----------
        |  
        |  -----------------------------------------------------
        |  ----------------------
        |  EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - 
        |  ONLINE The Norwich University program offers 
        |  unparalleled Infosec management education and the 
        |  case study affords you unmatched consulting experience. 
        |  Tailor your education to your own professional goals 
        |  with degree customizations including Emergency 
        |  Management, Business Continuity Planning, Computer 
        |  Emergency Response Teams, and Digital Investigations. 
        |  
        |  http://www.msia.norwich.edu/secfocus
        |  -----------------------------------------------------
        |  ----------------------
        |  
        |  

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: