We help IT Professionals succeed at work.
Get Started

Trusted sites=man in the middle attack more vulnerable?

Skeve
Skeve asked
on
628 Views
Last Modified: 2011-09-20
My question relates to trusted sites.  We have users that travel regularly with their laptop as well as internal users with desktops, and we have internal applications published on the Internet with appropriate SSL certificates.  We do not typically place the fully qualified domain name (https://application.company.com) in trusted sites as we fear that this opens up security issues and leaves additional vulnerability to MITM attacks.  The issue comes with this that the automatic login with integrated authentication only works with the site if it is in trusted sites.  If a user is on the road, say in a hotel, and connected to the internet via the in house internet connection, as long as they are logged in to their laptop with their domain login (cached, so can still log in when not attached to the network) they will log in to our application.

What risks do we take placing these secure sites into trusted sites for those traveling users?  Besides the security differences in trusted sites versus internet sites, are we really exposed to anything including being more exposed to MITM attacks for those traveling laptops?
Comment
Watch Question
Network Operations Manager
CERTIFIED EXPERT
Commented:
This problem has been solved!
Unlock 1 Answer and 2 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE