SSL VPN risks?

829010 pts.
Tags:
Data Loss Prevention
Networking
SSL
Ssl vpn
VPN
VPN security
What are the real-life security risks of implementing SSL VPN? Data loss, exploit from unprotected system, SSL botnets, etc.

Answer Wiki

Thanks. We'll let you know when a new response is added.
Real time security risk:


1.User-credential-related risks
VPNs provide easy access from the Internet into a corporate network and its internal resources

2.Split tunneling

Split tunneling takes place when a computer on the remote end of a VPN
tunnel simultaneously exchanges network traffic with both the shared
(public) network and the internal (private) network without first
placing all of the network traffic inside the VPN tunnel.This provides an opportunity for attackers on the shared network to
compromise the remote computer and use it to gain network access to the
internal network

3.Lack of required host security software on public machines
4.Certain two-factor authentication mechanisms like smart cards do not work with certain public machines
5.Spread of viruses, worms, and Trojans from remote computers to the internal network

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Labnuke99
    In my opinion there are a few issues to consider (most of these also apply to any VPN connection scenario): 1. Integrity of system connecting to VPN. Is it trusted? Is it managed according to company policies? Can that be confirmed at time of connection? 2. If the user is connecting from a system which is not trusted, what are they permitted to access? Can it be managed and monitored? 3. Certificate management. Users will ignore many certificate error messages if they are intent on making a connection. Make sure remote SSL VPN users understand what types of certificate errors they may encounter and what their responses should be. 4. Is split tunnelling permitted or denied? What is the impact on the user? 5. What activity/event monitoring/reporting/analysis tools are in place to track/report/analyze activities when using VPN? Really the biggest issue is #1 raised above. The integrity/trustworthiness of the connecting system. But that issue remains even with other VPN technologies. SSL VPN is really just another means of delivering the same experience to remote/mobile users.
    32,960 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: