Comments on: Owning the Mobile Workforce @ BlackHat 2008 http://blog.phishme.com/2008/05/owning-the-mobile-workforce-blackhat-2008/ Internet Security Professionals comment on innovative phishing ploys, social engineering techniques, and the latest hacks. Bashing or bowing to the latest and greatest news in the security community. Keep up to speed with what phishers, hackers, and spammers are doing or just listen in on the latest geek rants. PhishMe is your one stop blog for the latest in anti-phishing and security news. Fri, 26 Feb 2010 10:25:13 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Managing the mobile workforce « VPN Haus http://blog.phishme.com/2008/05/owning-the-mobile-workforce-blackhat-2008/comment-page-1/#comment-3193 Managing the mobile workforce « VPN Haus Thu, 03 Jul 2008 19:09:20 +0000 http://blog.phishme.com/?p=115#comment-3193 [...] vpnhaus Categories: Posts Interesting article the other day on PhishMe.com - Owning The Mobile Workforce. In it, Schmoilito writes about the vulnerabilities inherent in most SSL VPNs, and the challenges [...] [...] vpnhaus Categories: Posts Interesting article the other day on PhishMe.com – Owning The Mobile Workforce. In it, Schmoilito writes about the vulnerabilities inherent in most SSL VPNs, and the challenges [...]

]]> By: Rene w/ NCP http://blog.phishme.com/2008/05/owning-the-mobile-workforce-blackhat-2008/comment-page-1/#comment-3182 Rene w/ NCP Tue, 17 Jun 2008 19:53:03 +0000 http://blog.phishme.com/?p=115#comment-3182 This is a brilliant article; in order to leverage security; you require a firm 'foothold' on the device; i.e. a client that can enforce security policies on the machine itself. The idea of 'clientless' what SSL VPNs push is in very often in actual fact their 'Achilles' heal'! The point you make! It's not so much the SSL VPN at fault, SSL protocol itself is a great method to create security tunnels; but it's the implementation that's at fault -- the atomization as you point out in the article. NCP's approach of having a client installed, that comes with a dynamically adaptable firewall to fend off malicious attacks, comes with an integrated dialer, to ensure the connection is secure and controlled, and comes with Endpoint Security enforcement to ensure the machine is secured -- and then all this with the manageability aspect -- the lack of which drove many people away from IPsec and to SSL! This is a brilliant article; in order to leverage security; you require a firm ‘foothold’ on the device; i.e. a client that can enforce security policies on the machine itself. The idea of ‘clientless’ what SSL VPNs push is in very often in actual fact their ‘Achilles’ heal’! The point you make!

It’s not so much the SSL VPN at fault, SSL protocol itself is a great method to create security tunnels; but it’s the implementation that’s at fault — the atomization as you point out in the article. NCP’s approach of having a client installed, that comes with a dynamically adaptable firewall to fend off malicious attacks, comes with an integrated dialer, to ensure the connection is secure and controlled, and comes with Endpoint Security enforcement to ensure the machine is secured — and then all this with the manageability aspect — the lack of which drove many people away from IPsec and to SSL!

]]>