Please wait while the page is being loaded Skip this advertisement >
ARN

Desktop search engines threaten SSL VPN security

Tim Greene (InfoWorld)  15 November, 2004 12:09:35
Have your say!
Add to Google
ARN Directory | Distributors relevant to this article
Altech Computers , ASI Solutions , Avnet Technology Solutions , Cellnet , Compucon Computers , Corporate Computer Resources , EDsys Computers , Express Data , Express Online , Impact Systems Technology , Infortech Distribution , Ingram Micro Australia , LDS International , Leader Computers , Leading Pacific Australia , NewLease , Simms International , Synnex Australia , Topstar Computer International , Unixpac , Westan , XiT Distribution , Xpress I.T.

New PC indexing tools such as Google Desktop Search pose security risks to businesses that use SSL remote access because the tools copy material accessed during SSL sessions and make it available to unauthorised people who later use the same PC.

Caches created by PC search tools get around security many SSL vendors have put in place to purge cached data from remote machines as secure sessions shut down. These so-called cache-cleaning agents wipe out temporary files created during SSL sessions, but they don't wipe out the copies made by the search tools.

One touted benefit of SSL remote-access technology is that any machine with a Web browser can be used to access a corporate network securely. The downside is that the PCs might not be owned by the corporation, so any number of unauthorised users could have access to them.

Besides Google's product, such search engines are made by Blinkx, Copernic, Isys Search Software and X1. Yahoo and Microsoft are said to be on the verge of having them too.

SSL VPN vendor Aventail said its Secure Desktop, a virtual desktop for SSL sessions that was destroyed when the session closes, prevented files downloaded during the session from being viewed by Google Desktop Search.

Google Desktop Search made it easier to find data on PC hard drives and did not address these security concerns, a Google spokesperson said. Customers coulf manually turn off Desktop Search or put it on pause during SSL remote-access sessions to avoid having the sessions cached by the search engine, he said.

Comments

Post new comment

Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Syndicate content
Careerone Job Search
Job seekers Get job alerts | Post your resume online | Interview tips | Ask Kate
Advertisers Click here to advertise your jobs to thousands of job seekers monthly.
 
ARN Distributor Directory
 
Find distributors by name
Find distributors by vendor
Find distributors by location
ARN Vendor Directory
 
Find vendors by name | Find by category
ARN Community Comments
Most Commented
ARN Library


Read Material

RSA - Where Online Fraud is Going

Where Online Fraud is Going: An Insight into Emerging Threats and Changing Fraud Patterns The basic workings of online fraud can be directly correlated to “ real-world” crime.

Subscribe to ARN

ARN has been the premier provider of information to the Australian IT channel for more than 12 years. As the only weekly publication dedicated to the channel, ARN produces timely, accurate news and analysis about IT business issues, products and services, new technology and market opportunities.
Sponsored Links