is the clientless ssl vpn more resistant to worms/viruses?

I have some people that want/need vpn access, but I don't really trust them to keep their home computers clean. I just configured clientless access so that I could access things from my windows 7 home computer, but I haven't done much reading on it yet. Since I'm not directly connected in the same way I would be with an ipsec vpn, I have a feeling it may be better from the worm perspective. I'm by no means an expert on VPN architecture or ASAs yet, however.

Find more posts tagged with

Comments

Ahriakin

If you're only mapping specific ports then you reduce your exposure but I don't doubt there are malware authors out there who are working on it, shoudn't be too hard to locate SSL streams and probe loopbacks for connection details and then tunnel your traffic through it - you couldn't attack a non listed port but possibly attack the end server in other ways.
In short I'd say yeah it's a bit more secure, but it's all relative.
Cisco Secure Desktop?

shednik

My suggestions are to enable Secure Desktop and if you don't purchase an advanced endpoint inspection license atleast configure the one it comes with to look for keyloggers. Thats what we are getting ready to implement.