Full Disclosure mailing list archives
Re: SSL VPNs and security
From: Tim <tim-security () sentinelchicken org>
Date: Fri, 9 Jun 2006 10:05:51 -0400
Hello MZ, I think SSL VPNs are a pretty lame idea in the first place, but for the specific problem you bring up, would the following design work around this? Set up a wildcard record, *.webvpn.example.org, pointing to the device. The device then maps all internal domain names or IP addresses to a unique hostname, such as: internalhost.webvpn.example.org, or 192-168-0-1.webvpn.example.org, etc. Wouldn't this properly segment different internal sites, such that an XSS in one wouldn't impact the other? If so, pay attention all SSL VPN vendors: it is your free idea for the week. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SSL VPNs and security Michal Zalewski (Jun 08)
- Message not available
- Re: SSL VPNs and security Michal Zalewski (Jun 08)
- Re: SSL VPNs and security E Mintz (Jun 09)
- Re: SSL VPNs and security Michal Zalewski (Jun 08)
- Message not available
- Message not available
- Re: SSL VPNs and security E Mintz (Jun 09)
- Re: SSL VPNs and security Tim (Jun 09)
- Re: SSL VPNs and security Brian Eaton (Jun 09)
- Re: SSL VPNs and security Tim (Jun 09)
- Re: SSL VPNs and security Q-Ball (Jun 12)
- Re: SSL VPNs and security Ray P (Jun 13)
- Re: SSL VPNs and security Q-Ball (Jun 13)
- Re: SSL VPNs and security Brian Eaton (Jun 09)
- Re: SSL VPNs and security Tim (Jun 09)
- Re: SSL VPNs and security Michael Holstein (Jun 09)
- Re: SSL VPNs and security Tim (Jun 09)
- Re: SSL VPNs and security Brian Eaton (Jun 09)