Chapter 6 Deciding on a VPN

Notes from the Underground...

One-Time Password Vulnerabilities

Recently Citibank experienced problems with one-time passwords, man-in-the-middle attacks, and phishing schemes. The phisher convinces a victim to visit their false site and thus obtains the victim's valid Citibank credentials. These are then passed to the actual Citibank site along with the one-time password. Now the phisher has all the information needed to steal the victim's identity, money, or other information. The only positive news is that this scheme will only work for a short time and is unlikely to be repeatable. The downside is that a single compromise can be devastating for the victim. For a full treatment of this topic, see Russ Cooper's July 19, 2006 article in Security Watch (http security).

This same sort of compromise can happen to your network. Be very careful when implementing such authentication.

Table compares the two SonicWALL appliances.

Table SonicWALL SSL-VPN Appliances

| | SSL-VPN 200 | SSL-VPN 2000 |
| --- | --- | --- |
| Deployment Environment | | |
| Type and Size of Deployment Environment | Small organizations, up to 50 employees | Mid-size organizations, up to 1000 employees |
| Recommended Maximum Number of Concurrent Users | 5 heavy, 10 typical usage | 50 heavy, 100 typical usage |
| Concurrent User License | Unrestricted | Unrestricted |
| Application Support | | |
| Proxy | HTTP, HTTPS, FTP, SSH, Telnet, RDP, VNC, Windows File Sharing (Windows SMB/CIFS) | HTTP, HTTPS, FTP, SSH, Telnet, RDP, VNC, Windows File Sharing (Windows SMB/CIFS), Citrix (ICA) |
| NetExtender | Most TCP/IP-based applications (ICMP, VoIP, IMAP, POP, SMTP, etc.) | Any TCP/IP-based application (ICMP, Citrix, VoIP, IMAP, POP, SMTP, etc.) |
| Security Features | | |
| Encryption | DES, 3DES, AES (128-, 192-, 256-bit), ARC4 | DES, 3DES, AES (128-, 192-, 256-bit), ARC4 |

Heavy usage is defined as involving multiple concurrent HTTP/HTTPS and FTP proxy sessions and/or requiring continuous downloading of files.
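To make the point of the "Notes from the Underground" sidebar concrete, here is an added example (not code from the book, Citibank or SonicWALL): a simplified time-based OTP check accepts a code regardless of which site the user typed it into, whereas a challenge-response that mixes in the origin the client is actually connected to rejects a value produced for a look-alike site. The seed, origins, timestamp and challenge are constructed placeholders.

```python
import hmac
import hashlib

# Constructed shared secret (stands in for a token seed); hypothetical value.
SECRET = b"constructed-demo-seed"

def totp(secret: bytes, t: int, step: int = 30) -> str:
    """Simplified time-based OTP: HMAC-SHA1 over the 30-second counter, truncated to 6 digits."""
    counter = (t // step).to_bytes(8, "big")
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**6:06d}"

def otp_server_accepts(code: str, t: int) -> bool:
    """The genuine site only checks that the six digits match the current window;
    nothing in the code records where the user entered it."""
    return hmac.compare_digest(code, totp(SECRET, t))

def origin_bound_response(secret: bytes, origin: str, challenge: bytes) -> bytes:
    """Client binds its response to the origin it is really talking to."""
    return hmac.new(secret, origin.encode() + b"\x00" + challenge, hashlib.sha256).digest()

def origin_bound_server_verifies(origin: str, challenge: bytes, response: bytes) -> bool:
    """Server recomputes with its own origin, so a response made for another origin fails."""
    return hmac.compare_digest(origin_bound_response(SECRET, origin, challenge), response)

def compare_schemes(t: int, challenge: bytes) -> dict:
    """For each scheme, report whether a value obtained through a look-alike site
    (the situation the sidebar describes) is accepted, and whether a genuine one is."""
    REAL, FAKE = "vpn.example", "vpn-example.test"   # hypothetical origins
    code = totp(SECRET, t)                           # same six digits wherever typed
    fake_resp = origin_bound_response(SECRET, FAKE, challenge)
    real_resp = origin_bound_response(SECRET, REAL, challenge)
    return {
        "otp_relayed_accepted": otp_server_accepts(code, t),
        "origin_bound_relayed_accepted": origin_bound_server_verifies(REAL, challenge, fake_resp),
        "origin_bound_genuine_accepted": origin_bound_server_verifies(REAL, challenge, real_resp),
    }

if __name__ == "__main__":
    # Constructed timestamp and challenge for a deterministic run.
    print(compare_schemes(1153324800, b"\x01" * 16))
```

The practical check for your own VPN: if the authentication value a user submits would be equally valid when submitted from a different hostname, the scheme is a candidate for this kind of relay and needs origin binding or a second, out-of-band confirmation.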