Start Free TrialLog in
Avatar of Skeve
Skeve

asked on 

Trusted sites=man in the middle attack more vulnerable?

My question relates to trusted sites.  We have users that travel regularly with their laptop as well as internal users with desktops, and we have internal applications published on the Internet with appropriate SSL certificates.  We do not typically place the fully qualified domain name (https://application.company.com) in trusted sites as we fear that this opens up security issues and leaves additional vulnerability to MITM attacks.  The issue comes with this that the automatic login with integrated authentication only works with the site if it is in trusted sites.  If a user is on the road, say in a hotel, and connected to the internet via the in house internet connection, as long as they are logged in to their laptop with their domain login (cached, so can still log in when not attached to the network) they will log in to our application.

What risks do we take placing these secure sites into trusted sites for those traveling users?  Besides the security differences in trusted sites versus internet sites, are we really exposed to anything including being more exposed to MITM attacks for those traveling laptops?
SSL / HTTPSSecurityWeb Browsers
Avatar of undefined
Last Comment
Skeve
ASKER CERTIFIED SOLUTION
Avatar of Ron Malmstead
Ron Malmstead
Flag of United States of America image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Skeve
Skeve

ASKER

So besides being stolen, the only other risk of a trusted site being used outside instead of inside would be the slight difference in security level between 2 zones?  

Thanks for your help, points will be assigned.
Web Browsers
Web Browsers

Web browsers are applications used primarily to display documents, files and media from the Internet, identified by a Uniform Resource Identifier (URI) that can be a page, image, video or other file. Some browsers require the use of add-ons or extensions to safely render the information they receive; others have systems built into them to perform the same functions.

42K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent