back to article Cisco and Juniper 'clientless' VPNs expose netizens

Virtual private networking software from Cisco Systems, Juniper, and other manufacturers can make users susceptible to a variety of web-based attacks, the US Computer Emergency Readiness Team warned on Monday. So-called clientless SSL VPN products, which provide browser-based access to intranets, email and other internal …


This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Down


    thanks Reg - you just really made my night and week :-(

  2. Dick Emery
    Black Helicopters

    Yeah right

    and this comes hot on the heels of P2P users saying they are going to switch to VPN's due to all the Anti-Piracy activity.

    I smell something fishy.

  3. JohnG Silver badge


    As the advisory notes, this issue is mitigated by restricting access to trusted domains/networks. Users don't need to use the VPN to access the Internet - they only need it to access specific internal trusted domains/networks.

    1. zonky


      That using a VPN to use the interwebs is a sound piece of advice if using a untrusted connection- i.e WLAN's at airports, etc etc.

    2. Anonymous Coward
      Anonymous Coward

      well, kind of...

      ... of course if you have your users VPN'd into the intranet and at the same time surfing or otherwise in contact with the rest of the net for non-trusted domain usage, they can act as an inadvertent bridge between your network and the whole internet. That's why some proper full VPN clients (e.g. cisco) are configured to seize all network interfaces and redirect all traffic when the VPN is connected.

  4. Anonymous Coward


    I think what JohnG meant is that if you are using an SSLVPN to access your company network, the SSLVPN box should not be proxying your connections to internet (non-internal, trusted hosts).

  5. noodle heimer

    it's not a fucking tenant

    good christ.

    Who is driving your spellchecker now? Spellcheck would have offered both tenet and tenant as alternate spellings for whatever was fat-fingered in, so someone obviously doesn't know much about, hm, words.

    The author should be off the hook; if the author used the word tenet, one hopes...

    okay. scratch that.

    Where did using tenant come from there? And can that person's left pinky fingernail be torn out as a way to raise staff morale and inspire them to stop making everyone look like droolers?

    And can the resulting Staff Morale and Inspiration Lifting Exercise (SMILE) be posted to Youtube?

  6. Sir Sham Cad


    Actually that's not strictly true. If you have an organisational subscription to a website (magazine, research or even business service such as finance) then you'll need to appear as coming from that organisation to get your access. There are also other circumstances where you need access to a WAN beyond your perimeter and the only way to do so is to proxy via your SSL VPN.

    Hmmm. Pubs are open. Can I just give Tuesday up as a bad job already?

    1. Anonymous Coward
      Anonymous Coward

      point taken.

      for what it's worth.

  7. Anonymous Coward
    Thumb Up

    Oh Well

    I've never trusted clientless VPN. So this story makes me happy.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020