[ale] Clientless VPN

Chris Fowler cfowler at outpostsentinel.com
Thu Aug 26 20:14:15 EDT 2010 

This page describes it nicely

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml

There obviously is some "thin client" code for Aventail to provide full
ip connectivity.

On Thu, 2010-08-26 at 19:52 -0400, Ryan Neily wrote:
> 
> 
> Some do full ip access over ssl. Check out Aventail (now owned by
> Soncwall)
> 
> Sent from my iPhone
> 
> On Aug 26, 2010, at 7:24 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> 
> 
> 
> > I'm not sure. It _may_ do some IP stuff but the ones I've seen (been
> > a while) were just file access or remote control things.
> > 
> > For a java app to be able to touch networking, that's already a big
> > scary no-no in client security.
> > 
> > On Thu, Aug 26, 2010 at 7:15 PM, Chris Fowler
> > <cfowler at outpostsentinel.com> wrote:
> >         On Thu, 2010-08-26 at 19:05 -0400, Jim Kinney wrote:
> >         > don't (and WON'T) use it as it's a feeble excuse for a
> >         vpn. It
> >         > basically uses a browser session to establish an SSL
> >         connection to the
> >         > home office. That usually loads a java app back to the
> >         kiosk client.
> >         > Sometimes these are VNC things and sometimes they are
> >         little more than
> >         > file managers. Most require some form of user
> >         authentication
> >         > (password) to activate the client code sent back to the
> >         browser.
> >         >
> >         > As the article states, the basic insecurity of the system
> >         is the
> >         > client itself. Since you don't know what kind of code has
> >         been
> >         > installed (keystroke loggers in particular) the
> >         "protection" is only
> >         > as good as the system you are using.
> >         
> >         
> >         So these do not provide ip connectivity?  Maybe something
> >         similar in
> >         process as ssh port redirection?
> >         
> >         
> >         
> >         _______________________________________________
> >         Ale mailing list
> >         Ale at ale.org
> >         http://mail.ale.org/mailman/listinfo/ale
> >         See JOBS, ANNOUNCE and SCHOOLS lists at
> >         http://mail.ale.org/mailman/listinfo
> >         
> > 
> > 
> > 
> > -- 
> > -- 
> > James P. Kinney III
> > I would rather stumble along in freedom than walk effortlessly in
> > chains.
> > 
> > 
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> > 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

More information about the Ale mailing list