PaulDotCom mailing list archives

SSL VPN attacks?


From: Russell.Butturini at Healthways.com (Butturini, Russell)
Date: Mon, 1 Feb 2010 07:48:16 -0600

I have tested SSLStrip against ASA 5520s and 40s running version 8.0(2) and 8.0(4) of the code releases, and while it 
worked against the authentication page, the AnyConnect client bugged out and crashed when I started actively sending 
traffic across the established tunnel. 
 
I think speed, cost and management are what drive people away from the IPSec VPN.  Not to mention that it is a bit more 
secure (it's not terribly hard to recover the group password in about 3 seconds from a Cisco VPN client profile file). 
The SSL VPN client is WAAYYYY faster than the IPSec client and much more stable, plus you don't have to wrap its ugly 
drivers around your NIC.  However, the biggest concern I would have, depending on how many SSL clients you are moving 
towards, is that I have seen the ASAs start to really bog down with a large number of SSL VPN clients unless they have 
the crypto accelerator modules installed in them.  Management is a lot easier too, with no software installation or 
configuration of the client profile.
 
Mick, there are also some other rumors around the AnyConnect client I can discuss off list.
 
 
________________________________

From: pauldotcom-bounces at mail.pauldotcom.com on behalf of Michael Douglas
Sent: Sun 1/31/2010 1:49 PM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] SSL VPN attacks?



Do any of the ssl strip type attacks work against SSL VPNs?
Specifically the Cisco variant?

I have a side client who's all but ready to ditch IPSec and that's got
me a bit concerned.   I've tried noodling around on google/bing to see
what I can find, and my search-fu is weak today.

Any tips are welcomed.

Thanks & have a nice day!
- Mick