Mobile
12/6/2013
09:06 AM
Connect Directly
RSS
E-Mail

Juniper Mobile VPN Client Taps iOS Security Changes

Apple iOS 7 and Android via Samsung add per-app VPNs, which businesses can apply to better secure employees' mobile devices.

Image source: MyAKA
Image source: MyAKA

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Mathew
50%
50%
Mathew,
User Rank: Apprentice
12/9/2013 | 6:02:58 AM
Re: wouldn't touch it with a 3 meter pole
Thanks for the feedback, datamechanic.

Does anyone have similar Linux experiences to share, or experience using this with PCs? Likewise, anyone using this with smartphones/tablets -- and is the UI good, or does it need work?
datamechanic
50%
50%
datamechanic,
User Rank: Apprentice
12/6/2013 | 8:24:26 PM
wouldn't touch it with a 3 meter pole
Juniper's "SSL VPN" is a usability disaster.  Only works out of the box on one particular combination of versions of Java, MS-Windows, and MS-IE.  I got our compiler guy to figure out how to run the executable on Linux, but then I needed a different Java version for some other application on that host, and that was the end of my Juniper-on-Linux kludge.  I gave up on it and got the company to issue me an Aruba remote access point instead.  If the same folks develop the mobile version, expect the same problems.  Fix your bugs, Juniper, don't argue with me about keeping some long-obsolete Java version around.
David F. Carr
50%
50%
David F. Carr,
User Rank: Apprentice
12/6/2013 | 1:54:40 PM
Examples?
Are there examples of companies using this tech, even on a pilot basis?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.