11-03-2005 06:29 AM - edited 02-21-2020 02:04 PM
Hi,
I currently manage a Cisco 3000 concentrator which terminates IPSec tunnels for our users. The users are authenticated with a group ID and password (they never know the group password), and then with their own user ID and password; so we have two layers of authentication.
I've started looking into SSL VPNs (on the same 3000), and from what I can see there is only one authentication layer - the user ID and password. If this is stolen the thief can gain whatever access the legitimate user has to the network. The thief doesn't even need to exert any effort to get the SSL client - it downloads for them automatically.
Am I missing a layer in the SSL option somewhere?
nick
11-03-2005 04:32 PM
I guess that's the trade-off for convenience. Just like we use net banking these days. All you need is a username/account number and a password.
Further, you may configure the WebVPN authentication against a digital certificate:
11-03-2005 07:24 PM
True enough; but why do I feel like a lamb being led to the slaughter? :-)
Thanks for the tip on the certs - I was hoping that some such option existed; but I couldn't find it.
nick