Why one-time passwords are weak against SSL VPN vulnerabilities

Cisco security expert and Cisco Subnet blogger Jamey Heary has returned from Black Hat with lots of network security tips to share. Read Jamey's posting about the best way to defend against SSL VPN vulnerabilities. He writes: "Blackhat '08 disclosed several SSLVPN and DNS vulnerabilities that caused several people to sit up and take notice. Some of these new exploits performed a brilliant Man-in-the-Middle attack on SSLVPN tunnels. I'll walk you through how using certificates, instead of OTP tokens, for second factor authentication can increase the security of your SSLVPN solution against these new types of attacks."


Copyright © 2008 IDG Communications, Inc.
