[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] SSL VPNs and security

To: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] SSL VPNs and security
From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 9 Jun 2006 10:05:51 -0400

Hello MZ,

I think SSL VPNs are a pretty lame idea in the first place, but for the
specific problem you bring up, would the following design work around
this?

Set up a wildcard record, *.webvpn.example.org, pointing to the device.
The device then maps all internal domain names or IP addresses to a
unique hostname, such as:  internalhost.webvpn.example.org, or
192-168-0-1.webvpn.example.org, etc.

Wouldn't this properly segment different internal sites, such that an
XSS in one wouldn't impact the other?  If so, pay attention all SSL VPN
vendors: it is your free idea for the week.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] SSL VPNs and security
  - From: Brian Eaton
- Re: [Full-disclosure] SSL VPNs and security
  - From: Michael Holstein

References:
- [Full-disclosure] SSL VPNs and security
  - From: Michal Zalewski

Prev by Date: Re: [Full-disclosure] Is your security 6/6/6 ready?
Next by Date: Re: [Full-disclosure] SSL VPNs and security
Previous by thread: [Full-disclosure] Re: SSL VPNs and security
Next by thread: Re: [Full-disclosure] SSL VPNs and security
Index(es):
- Date
- Thread