On Tue, Jul 8, 2008 at 6:01 PM, RB <[EMAIL PROTECTED]> wrote: > Absolutely - that's the "...attempt mitigating controls..." I glossed over. > I don't think I'm up to arguing the validity of HIDS and NAC right now, but > it's the same concept: the software that runs on the client can only report > what the OS tells it. While we're there, I also cringe at the idea of giving > a web browser sufficient access to the OS to try to sufficiently validate > those items, particularly since so many of the solutions are IE-centric. >
No disagreement there. It's worth noting that to get a real VPN out of the browser based solutions, instead of just a port forward here or there, the user usually has to either have administrator level access to the workstation (now why on earth would you do that in an enterprise? :)) or have a shim (clientless? hah!) installed that grants them this access. > Appreciate the clarification. I think each solution has its place given > proper analysis and control, but also that the "browser VPN" is one of those > magic bullet solutions too many people think is going to save the world/heal > cancer/free kevin. > True. Each has it's merits and no "perfect" solution, is perfect for all. But I digress...for "SSL VPN", we also have stunnel :) --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
