Not being snarky, what is the advantage of using AnyConnect over the built-in VPN client in Windows? More logging, or authentication mechanisms?
Cisco AnyConnect Windows client under active attack
Cisco says miscreants are exploiting two vulnerabilities in its AnyConnect Secure Mobility Client for Windows, which is supposed to ensure safe VPN access for remote workers. One of the pair of flaws, tracked as CVE-2020-3433, is a privilege-escalation issue: an authenticated, local user can exploit AnyConnect to execute code …
COMMENTS
Wednesday 26th October 2022 22:11 GMT MrReynolds2U
On Win10 or 11 you've got SSTP, PPTP, IKE2 (IPSec) along with good-old L2TP/IPSec (PSK\Cert) and I'm pretty sure Win7 had the same options and they were available on all editions.
For more advanced options, if you want to direct specific traffic down different tunnels, then it can be done but requires a little fiddling.
Win VPN doesn't support MFA yet, which you may get with VPN clients from firewall vendors, and they also may have better methods of sharing PSKs and credentials.
I personally don't really understand why people use 3rd party VPN clients on Windows so if anyone has a decent reason, please share it.
-
-
Wednesday 26th October 2022 23:57 GMT doublelayer
I've used it (not chosen it), and in that case, the advantage was multi-factor authentication with hardware tokens which was mandatory for access to networks with sensitive systems. I think the native client doesn't support this, and in any case would have required more manual configuration as we were using a lot of different OSes (they also had a bunch of infrastructure for using Linux boxes with the same authentication systems). You could probably implement that behavior using a number of options for clients, but you're adding something in all cases.
-
Friday 28th October 2022 16:33 GMT J. Cook
Authentication mechanisms, IIRC.
And if you are a Cisco shop using a Cisco firewall as the corporate VPN endpoint, it makes slightly more sense to use something that is guaranteed to work instead of having to fettle about with settings and the possibility of having to contact two different vendors for support.
-
Thursday 8th December 2022 01:37 GMT Rockets
For us there are a few reasons. First is being able to use the VPN over a TLS or DTLS transport, which is far friendlier for hotel environments. Secondly, it's consistent across multiple OSes: Windows, macOS, Linux and mobile devices. Thirdly, the authentication mechanisms are extremely flexible: I can have certificate authentication for corporate devices, username & password with 2FA for contractors. Lastly, on the headend we can have dynamic access policies to allow traffic based on the connection profile & authorization of the user from RADIUS.