This preview shows page 1. Sign up to view the full content.
Unformatted text preview: non-secure network and the SSL VPN proxy, and another connection between the SSL VPN
proxy and the endpoint in the secure network. The proxy prevents users from making a direct
connection into a secured network. A SSL VPN proxy acts as a server to the client and as a client
to the server.
• The SSL VPN ensures that authorized users have access only to specific resources, as allowed by
the company security policy implemented by the SSL VPN proxy and integrated traffic
• Proxy servers break the TCP/IP connection between client and server so the packet’s IP address is
not forwarded. They eliminate the exposure of internal IP addressing details to the non-secure
network by hiding the IP address of the endpoint on the secure network. Only the public IP address
of the proxy server is visible from the non-secure network.
• When an application client needs to connect to an application server, the client connects to a
SOCKS proxy server. The proxy server connects to the application server on behalf of the client
and relays data between the client and the application server. For the application server, the proxy
server is the client. 49 VPN, IPSec and TLS SSL VPN Threats
• User passwords may remain on public-computers after
users log off. — User passwords are stored by the browser. • Sensitive data, such as browser cache entries, URL entries, cookies, and any historical information created
during the session, may remain on public computers
after users complete their SSL VPN sessions. • Downloaded files are stored in the public computer’s
“Temporary Folder.” • Users forget to logout.
— Next public computer user may have access to applications. • Worms and viruses may be transferred from the public
computers to the corporate internal network.
VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 50 • The following are considered threats to an SSL VPN:
o Sensitive information may be left on computers at insecure locations.
o User passwords may remain on public-computers aft...
View Full Document
- Spring '10