Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: True Clientless SSLVPN

from [David Gillett] Network Security [Permanent Link]
Subject: RE: True Clientless SSLVPN
Date: Thu, 1 Jun 2006 10:47:46 -0700 
  So then how would it work?

  The SSL code on the client is built into the browser.  But in order
to be able to *tunnel* over it, you almost certainly need additional 
code:  a plug-in, a java applet, an ActiveX control, *SOMETHING*.

  As I understand it, when vendors say "clientless", they mean "client
browsers will automatically download the piece they need, your users
do not have to separately install a new component to enable VPN use".

  I think that if you define "TRUE clientless" as "that's not clientless
enough", then you're looking for somebody to sprinkle invisible(!)
pixie dust on your clients when the user isn't looking.

  I was under the impression that the purpose of the Cisco client's
SSL feature was to allow customers who already have IPSEC VPNs to 
start deploying SSL VPNs as well without confusing the end users.
Is it actually *required* in order to use their SSL VPN solutions?
That would seem to defeat the major benefit of SSL for VPNs.

David Gillett



-----Original Message-----
From: Bein, Matthew [mailto:BeinM@ummhc.org] 
Sent: Wednesday, May 31, 2006 10:19 AM
To: 'Huzeyfe Onal'
Cc: security-basics@securityfocus.com
Subject: RE: True Clientless SSLVPN


Hello,

Most of the solutions like Cisco or Netscreen require a 
client. I'm looking for one that does not require any download...

Thanks,


Matthew


-----Original Message-----
From: Huzeyfe Onal [mailto:huzeyfe.onal@gmail.com]

Sent: Wednesday, May 31, 2006 1:15 PM
To: beinm@ummhc.org
Cc: security-basics@securityfocus.com
Subject: Re: True Clientless SSLVPN

Hi,

what do you mean true clientless? All SSL VPN products are 
clientless(Except OpenVPN).
SSL VPNs allow users to connect securely  only a web 
browser.. You can try SSLExplorer 
(http://sourceforge.net/projects/sslexplorer/) or another SSL 
VPN solutions.

On 31 May 2006 01:22:12 -0000, beinm@ummhc.org 
<beinm@ummhc.org> wrote:

Has anyone seen a true clientless SSLVPN Solution?


Thanks,


Matthew




--

Huzeyfe ÖNAL
---
Ag Guvenligi Listesine uye oldunuz mu?
http://www.huzeyfe.net/netsec.html

<html><body><i>The information transmitted is intended only 
for the person or entity to which it is addressed and may 
contain confidential and/or privileged material.  Any review, 
transmission, re-transmission, dissemination or other use of, 
or taking of any action in reliance upon this information by 
persons or entities other than the intended recipient is 
prohibited.  If you received this in error, please contact 
the sender and delete the material from any 
computer.</i></body></html>
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  How can I track this down?, Nick Duda
Next by Date:  RE: True Clientless SSLVPN, Portz, Jon
Previous by Thread:  RE: True Clientless SSLVPN, Bein, Matthew
Next by Thread:  Re: True Clientless SSLVPN, ChrisSerafin
Indexes:  [Date] [Thread] [Top] [All Lists]