[Pauldotcom] SSL VPN attacks?

Butturini, Russell Russell.Butturini at Healthways.com
Mon Feb 1 13:48:16 UTC 2010


I have tested SSLStrip against ASA 5520s and 40s running version 8.0(2) and 8.0(4) of the code releases, and while it worked against the authentication page, the AnyConnect client bugged out and crashed when I started actively sending traffic across the established tunnel. 
 
I think speed, cost and management are what drive people away from the IPSec VPN. Not to mention that it is a bit more secure (it's not terribly hard to recover the group password in about 3 seconds from a Cisco VPN client profile file). The SSL VPN client is WAAYYYY faster than the IPSec client and much more stable, plus you don't have to wrap its ugly drivers around your NIC. However, the biggest concern I would have, depending on how many SSL clients you are moving towards, is that I have seen the ASAs start to really bog down with a large number of SSL VPN clients unless they have the crypto accelerator modules installed in them. Management is a lot easier too, with no software installation or configuration of the client profile.
 
Mick, there are also some other rumors around the AnyConnect client I can discuss off list.
 
 
________________________________

From: pauldotcom-bounces at mail.pauldotcom.com on behalf of Michael Douglas
Sent: Sun 1/31/2010 1:49 PM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] SSL VPN attacks?



Do any of the ssl strip type attacks work against SSL VPNs?
Specifically the Cisco variant?

I have a side client who's all but ready to ditch IPSec and that's got
me a bit concerned. I've tried noodling around on Google/Bing to see
what I can find, and my search-fu is weak today.

Any tips are welcomed.

Thanks & have a nice day!
- Mick