troubleshooting Question

Trusted sites=man in the middle attack more vulnerable?

Avatar of Skeve
Skeve asked on
SSL / HTTPSSecurityWeb Browsers
2 Comments1 Solution629 ViewsLast Modified:
My question relates to trusted sites.  We have users that travel regularly with their laptop as well as internal users with desktops, and we have internal applications published on the Internet with appropriate SSL certificates.  We do not typically place the fully qualified domain name (https://application.company.com) in trusted sites as we fear that this opens up security issues and leaves additional vulnerability to MITM attacks.  The issue comes with this that the automatic login with integrated authentication only works with the site if it is in trusted sites.  If a user is on the road, say in a hotel, and connected to the internet via the in house internet connection, as long as they are logged in to their laptop with their domain login (cached, so can still log in when not attached to the network) they will log in to our application.

What risks do we take placing these secure sites into trusted sites for those traveling users?  Besides the security differences in trusted sites versus internet sites, are we really exposed to anything including being more exposed to MITM attacks for those traveling laptops?
ASKER CERTIFIED SOLUTION
Ron Malmstead
Sr.

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros