Re: Cisco VPN client

---

• From: Tony Arnold <tony.arnold@xxxxxxxxxxxxxxxx>
• Date: Mon, 08 May 2006 08:11:00 +0100

---

Rich,

Rich Renomeron wrote:

Please note that going to a random web site and entering your VPN's
group password is a *really bad idea*. Better to use the utility whose
source code is posted on that website.

In general, you are correct. Visiting randomg WEB sites and entering
passwords is usually a very bad idea. It's what the phishing scams want
people to do.

However, in this case, I don't believe the risk is very high at all.
Firstly, the only information the site requests is the encrypted group
password, and it returns it unencrypted. That information is useless
without other information such as the gateway address, group ID and the
user's crednetials.

Secondly, the presense of the WEB site along with the utility code that
is published shows how pointless this group ID and password is on Cisco
VPNs. Anyone who can get hold of the encrypted version can immediately
see the unencrypted version. Cisco might as well have put the password
in clear text in their .pcf files.

In somewhat related news, I hear that NetworkManager is able to run vpnc
and use the .pcf files directly. Anybody try that?

That would be really neat. I'll have to check this out. I'd be
especially interested if NetworkManager implemented the firewall rules
indicated by .pcf files.

Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold@xxxxxxxxxxxxxxxx, H: http://www.man.ac.uk/Tony.Arnold

--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

---

• Follow-Ups:
  • Re: Cisco VPN client
    • From: moore . bryan

• References:
  • Re: Cisco VPN client
    • From: mpiraz
  • Re: Cisco VPN client
    • From: Tony Arnold
  • Re: Cisco VPN client
    • From: Rich Renomeron

• Prev by Date: Re: [Fwd: Home User Backup Beta version available for testing from universe.]
• Next by Date: Thinkpad Dapper: control external monitor/project?
• Previous by thread: Re: Cisco VPN client
• Next by thread: Re: Cisco VPN client
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: My Suggestion : A New C# compiler for native code ... it also has an option for scrambling whole web sites (Source code, ... and CSS files) when they are published. ... carefully hand crafted HTML and CSS, ... (borland.public.delphi.non-technical) Missing Images ... selected images on my web sites have begun to ... disppear from the internet. ... that when the source code is viewed, there is nothing but white space where ... (microsoft.public.frontpage.client) Re: HTML Viewer and Editor ... I am looking for an HTML Viewer and Editor, preferably a native Delphi ... component rather than an ActiveX control. ... with source code is good, free is good too, as I have open source plans for ... I started one a few years ago to help me keep up web sites. ... (borland.public.delphi.thirdpartytools.general) Re: Frames ... When I view the source code, I am given the following: ... but your browser doesn't support them. ... "Pictures Are Not Displayed on Web Sites in Internet Explorer" ... Security Tools Updates ... (microsoft.public.windows.inetexplorer.ie6.browser)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Mailing-Lists  > Ubuntu  > 2006-05