Author Archive

Mark Lambiase

SecureAuth Supports Cisco AnyConnect for Android!

Written on August 2, 2011 at 6:09 pm, by Mark Lambiase

Webinar: Secure Cisco Remote Access for Android Devices with SecureAuth
Thur, Sept 1st, 10am PST

Cisco has recently broken from the ranks and released an Android VPN client for its SSL VPN line of products, Cisco AnyConnect for Rooted Devices, available from the Android Market. Looks like they got tired of waiting for an official API…

Well, now that it is possible to connect your Android to your ASA, you must be asking “How do I do it?” How do you securely authenticate a mobile device to your SSL VPN? The best bet is the same model Cisco and other network vendors are using for other mobile devices: certificates plus AAA.

Now, not only can we reliably identify our users, but the bilateral, bi-directional authentication afforded by the use of certificates will defend against the insecure networks our mobile devices face when away from the corporate nest. SecureAuth, with its full support of Cisco Remote Access solutions, now supports access via Android devices.

Our SE in the East, Chris Hayes, has been playing with this and many other features revolving around the Android platform. Give us a call to see how SecureAuth can enable your mobile VPN securely.


Mark Lambiase is a founding member of SecureAuth and serves as the Director of Network Products. SecureAuth is a single appliance solution to enterprise Identity, Access and Authentication issues.

SecureAuth debuts iOS enrollment with Junos Pulse Client Integration at RSA Conference 2011

Written on February 17, 2011 at 11:14 am, by Mark Lambiase

Administrators who have attempted to integrate the Junos iOS Pulse Client with their enterprise were delighted by demonstrations of secure enrollment to the enterprise using SecureAuth technologies.

The iOS platform is ahead of other mobile device platforms in enterprise manageability and remote access. With these features in place, Juniper has capitalized on the Apple VPN API with its release of the Pulse Client. The Pulse client provides access to protected corporate resources using an SSL VPN tunnel. Fully integrated with the iOS VPN capabilities, Pulse supports Apple’s VPN On Demand feature, which can automatically establish the VPN when administrator-defined conditions are met and certificate-based authentication is used.

The problem is that individual certificate credentials can be administratively burdensome. SecureAuth eliminates the effort required to securely distribute iOS Profiles with embedded individual credentials. Other settings, such as passcode, VPN, and Mobile Device Management, can be bundled into the profile. This model binds all of the enterprise settings together: the device gets either all of the settings and restrictions or none, and "none" includes removing the credential. This gives the enterprise better control of mobile devices while delivering all of the settings in a single user self-service interaction.

Join us March 3, 2011 for:

Webinar Title: Webinar: FishNet Security, Juniper Networks, & SecureAuth Join Forces to Secure Access from iPhones
Date: Thursday, March 3rd
Time: 10:00 a.m. – 10:30 a.m. PST

SecureAuth supports Cisco AnyConnect for iPhone

Written on September 22, 2010 at 6:55 pm, by Mark Lambiase

Yesterday Cisco AnyConnect for iOS 4 devices became available via the Apple App Store, http://itunes.apple.com/us/app/cisco-anyconnect/id392790924?mt=8.

Cisco AnyConnect further extends the enterprise functionality available to iOS device users by keeping them connected to their corporate network while on-the-go.

SecureAuth extends its seamless integration with Cisco Secure Remote Access VPNs by offering the best 2-factor enrollment and provisioning platform available for iOS devices. The same simple, self-service enrollment process used by tens of thousands of PCs to enroll and access protected resources is available to provision individual credentials and connection profiles to an iOS device.

SecureAuth can be configured to deliver identity credentials alone or packaged with connection information for the Cisco IPSec client in iOS, or the new iOS AnyConnect client. And some of the most popular features, like ‘Connect On Demand’, are facilitated by the SecureAuth model.

SSL VPN Vulnerabilities Don’t Have to Leave You Vulnerable

Written on December 4, 2009 at 8:01 pm, by Mark Lambiase

A recent advisory from US-CERT has a lot of people who are thinking about deploying SSL VPN, or who have deployed SSL VPN, wondering if this is a good decision.  There are a lot of articles on the subject, and many of them will leave you feeling like this is an unsolvable problem.  But, there are a few (Dark Reading included) that do a good job of explaining exactly what the vulnerability is, and how to protect against it.

The core of the problem can be described quite simply.  When a client (browser) connects to an SSL VPN, and then connects to ‘protected’ resources (let’s say your intranet page), the browser does not ‘see’ the connection to the intranet page.  The browser is connected to the SSL VPN, and the data to the internal ‘protected’ site is proxied through the SSL VPN.  All the browser ever sees is the SSL VPN, and all of the web sites the browser connects to ‘inside’ the SSL VPN look just like they are a part of it.

This is the problem.  And the solution lies in the problem.

OK, so what exactly is the problem here? When the browser is connected to the SSL VPN, a session is created, with cookies and other things set. If a malicious web site behind the VPN asks for a cookie, the browser will send it. After all, the browser is not connected to the malicious web site; it is connected to the VPN.

The solution can be stated simply.  Don’t let browsers connected to your SSL VPN connect to malicious web sites.

That may sound a little trite, but SSL VPNs have many mechanisms to help you prevent this kind of attack.  Web ACLs can be used to only allow traffic to specific resources.  Turn off the ‘address bar’ in the SSL VPN portal so that connected users cannot just browse around.  Those are two simple steps you can take to limit the exposure of your SSL VPN to this kind of attack.

The thing is, this vulnerability is not really built into the SSL VPN itself, but is dependent on how the SSL VPN is deployed. There is definitely a threat here, but this is exposure that can be mitigated with a well-configured SSL VPN.
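
The origin collapse and the Web ACL mitigation described above, as an added Python sketch that is not part of the original post or any vendor's code. The portal address, the `/proxy/<scheme>/<host>` rewriting scheme, the host names and the function names are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

VPN_BASE = "https://vpn.example.com"  # constructed portal address
WEB_ACL = {"intranet.corp.example", "wiki.corp.example"}  # constructed allow-list

def origin(url):
    """(scheme, host, port): what a browser compares for same-origin decisions."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or {"http": 80, "https": 443}[p.scheme])

def acl_permits(target):
    """Allow only http(s) URLs whose real host is on the allow-list."""
    p = urlsplit(target)
    try:
        p.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # p.hostname ignores any "user@" prefix and is already lower-cased
    host = (p.hostname or "").rstrip(".")
    return p.scheme in ("http", "https") and host in WEB_ACL

def rewrite(target, enforce_acl=True):
    """Map an internal URL to the portal URL the browser actually loads.

    Returns None when the ACL is enforced and the target is not permitted.
    """
    if enforce_acl and not acl_permits(target):
        return None
    p = urlsplit(target)
    host = p.hostname.rstrip(".")
    port = f":{p.port}" if p.port else ""
    return f"{VPN_BASE}/proxy/{p.scheme}/{host}{port}{p.path or '/'}"

if __name__ == "__main__":
    for t in ("https://intranet.corp.example/home",
              "http://unlisted.example/page",
              "https://intranet.corp.example@unlisted.example/"):
        open_url = rewrite(t, enforce_acl=False)
        print(t, "->", origin(open_url), "| with ACL:", rewrite(t))
```

Every rewritten URL reports the portal's origin, which is why portal cookies are visible to any proxied site; with the ACL enforced, only the listed hosts are rewritten at all.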

Black Hat 2009: SSL insecurity

Written on July 30, 2009 at 5:53 pm, by Mark Lambiase

New flaws with how SSL is implemented were revealed at Black Hat 2009, but SecureAuth can’t be tricked.

These flaws can trick a user into thinking they are at a legitimate web site. The main problem with SSL is not that the attack is undetectable, but that end-users have to inspect the server-side certificate, and know what they are looking for. (How often do you click on the ‘lock’ icon in your browser? And would you know if something was not right?)

SecureAuth protects against these and other attacks by automating the process. SecureAuth, as part of the authentication process, makes sure the end-user is connected to the legitimate server, before asking for a password.

This level of security is simple to deploy to your cloud services, web servers and remote access VPNs, providing two-factor authentication that satisfies PCI and other regulatory mandates, and goes beyond other 2-factor solutions that are really just password replacements.
