Cisco VPN client

Tony Arnold tony.arnold at manchester.ac.uk
Mon May 8 07:11:00 UTC 2006


Rich,

Rich Renomeron wrote:

> Please note that going to a random web site and entering your VPN's
> group password is a *really bad idea*.  Better to use the utility whose
> source code is posted on that website.

In general, you are correct. Visiting random WEB sites and entering
passwords is usually a very bad idea. It's what the phishing scams want
people to do.

However, in this case, I don't believe the risk is very high at all.
Firstly, the only information the site requests is the encrypted group
password, and it returns it unencrypted. That information is useless
without other information such as the gateway address, group ID and the
user's credentials.

Secondly, the presence of the WEB site along with the utility code that
is published shows how pointless this group ID and password is on Cisco
VPNs. Anyone who can get hold of the encrypted version can immediately
see the unencrypted version. Cisco might as well have put the password
in clear text in their .pcf files.

> In somewhat related news, I hear that NetworkManager is able to run vpnc
> and use the .pcf files directly.  Anybody try that?

That would be really neat. I'll have to check this out. I'd be
especially interested if NetworkManager implemented the firewall rules
indicated by .pcf files.

Regards,
Tony.
-- 
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
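
The following is an added example, not part of the original message or of any tool it mentions: a small audit that treats the stored group password in a .pcf file as equivalent to clear text and reports profiles that other local users can read. The sample profile and its values are constructed placeholders; `audit_pcf` is a hypothetical helper name.

```python
import os
import stat

# Keys in a Cisco VPN client profile (.pcf) that hold the group secret.
SECRET_KEYS = ("enc_grouppwd", "grouppwd")

# Constructed sample profile; host, group and value are placeholders.
SAMPLE = """[main]
Host=vpn.example.org
GroupName=staff
enc_GroupPwd=00112233AABBCCDD
"""

def audit_pcf(path):
    """Return a list of findings for one .pcf profile."""
    fields = {}
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            line = line.strip()
            # Skip blanks, comments, section headers and non key=value lines.
            if not line or line.startswith((";", "[")) or "=" not in line:
                continue
            key, _, value = line.partition("=")
            # A leading "!" marks a key read-only in the client; ignore it.
            fields[key.strip().lstrip("!").lower()] = value.strip()
    stored = [k for k in SECRET_KEYS if fields.get(k)]
    if not stored:
        return []
    findings = ["group secret stored (%s): treat as clear text" % ", ".join(stored)]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file mode %o lets other local users read it" % mode)
    if fields.get("host") and fields.get("groupname"):
        findings.append("gateway and group ID sit in the same file as the secret")
    return findings

if __name__ == "__main__":
    import sys
    for pcf in sys.argv[1:]:
        for finding in audit_pcf(pcf):
            print("%s: %s" % (pcf, finding))
```
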




More information about the ubuntu-users mailing list