[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] SSL VPNs and security

To: Michael Holstein <michael.holstein@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] SSL VPNs and security
From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 9 Jun 2006 10:25:22 -0400

> >Set up a wildcard record, *.webvpn.example.org, pointing to the device.
> >The device then maps all internal domain names or IP addresses to a
> >unique hostname, such as:  internalhost.webvpn.example.org, or
> >192-168-0-1.webvpn.example.org, etc.
> 
> This has the side effect of making procurement of the SSL certificates 
> *very* expensive.

SSL certificates are free.  You just have to have enough knowledge to
distribute your own CA certificate.  For a VPN appliance, this should
not be a problem at all, since only your trusted users should be
accessing it. Even if you aren't competent enough to figure out how to
distribute your own CA certificate, I believe there are such things as
wildcard certificates.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] SSL VPNs and security
  - From: Michael Holstein

References:
- [Full-disclosure] SSL VPNs and security
  - From: Michal Zalewski
- Re: [Full-disclosure] SSL VPNs and security
  - From: Tim
- Re: [Full-disclosure] SSL VPNs and security
  - From: Michael Holstein

Prev by Date: Re: [Full-disclosure] SSL VPNs and security
Next by Date: Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.
Previous by thread: Re: [Full-disclosure] SSL VPNs and security
Next by thread: Re: [Full-disclosure] SSL VPNs and security
Index(es):
- Date
- Thread