Re: SSL...how secure is it?

benc247_ · ‎04-18-2013

QuestionÉthe man in the middle routine has always made me wonderÉhow safe is our user data when they go to access.worldbank.orgÓ? I was looking at this:

http://blogs.computerworld.com/cybercrime-and-hacking/22050/steve-gibsons-fingerprint-service-detect...

Seems to me the user would potentially never know and unless they compared thumbprintsÉ.really it would go unnoticed since the browser notification can be suppressed or the MIM cert trusted. Here, we have just such a systemÉeven when you go to https://google.com we can see what is going on. For our users connecting from various public computersÉsomeone could monitor what they do then right?

michael.saw_ · ‎04-18-2013

We will need to go through/analyze the full connection establishment process...
From the initial DNS lookup to the receipt/acknowledgement of the session...

"weakest link"

benc247_ · ‎04-19-2013

Is this something Juniper has done? Is there any documentation on how secure and what a "man in the middle" attack may see? Any provisions put in place to protect the user and data?

michael.saw_ · ‎04-21-2013

Hi benc247,

This falls back to the fundamentals of SSL VPN establishment...
May need to take a look at the RFCs associated with this...