back to article Cisco and Juniper 'clientless' VPNs expose netizens

Virtual private networking software from Cisco Systems, Juniper, and other manufacturers can make users susceptible to a variety of web-based attacks, the US Computer Emergency Readiness Team warned on Monday. So-called clientless SSL VPN products, which provide browser-based access to intranets, email and other internal …

COMMENTS

This topic is closed for new posts.
Thumb Down

thanks...

thanks Reg - you just really made my night and week :-(

Black Helicopters

Yeah right

And this comes hot on the heels of P2P users saying they are going to switch to VPNs due to all the anti-piracy activity.

I smell something fishy.


Workaround

As the advisory notes, this issue is mitigated by restricting access to trusted domains/networks. Users don't need to use the VPN to access the Internet - they only need it to access specific internal trusted domains/networks.

FAIL

Except...

That using a VPN to use the interwebs is a sound piece of advice if using an untrusted connection, i.e. WLANs at airports, etc.

Anonymous Coward

well, kind of...

... of course if you have your users VPN'd into the intranet and at the same time surfing or otherwise in contact with the rest of the net for non-trusted domain usage, they can act as an inadvertent bridge between your network and the whole internet. That's why some proper full VPN clients (e.g. Cisco) are configured to seize all network interfaces and redirect all traffic when the VPN is connected.

Grenade

but....

I think what JohnG meant is that if you are using an SSL VPN to access your company network, the SSL VPN box should not be proxying your connections to the internet (non-internal, trusted hosts).

it's not a fucking tenant

good christ.

Who is driving your spellchecker now? Spellcheck would have offered both tenet and tenant as alternate spellings for whatever was fat-fingered in, so someone obviously doesn't know much about, hm, words.

The author should be off the hook; if the author used the word tenet, one hopes...

okay. scratch that.

Where did using tenant come from there? And can that person's left pinky fingernail be torn out as a way to raise staff morale and inspire them to stop making everyone look like droolers?

And can the resulting Staff Morale and Inspiration Lifting Exercise (SMILE) be posted to YouTube?


@JohnG

Actually that's not strictly true. If you have an organisational subscription to a website (magazine, research or even business service such as finance) then you'll need to appear as coming from that organisation to get your access. There are also other circumstances where you need access to a WAN beyond your perimeter and the only way to do so is to proxy via your SSL VPN.

Hmmm. Pubs are open. Can I just give Tuesday up as a bad job already?


point taken.

for what it's worth.

Thumb Up

Oh Well

I've never trusted clientless VPN. So this story makes me happy.
