Brookhaven Lab Virtual Private Network (VPN)
FIPS 140-2 Cisco VPN Client Security Policy (OL-5833-01)
Physical Security: Cisco Software VPN Client is a multi-chip-standalone cryptographic module. The module's physical boundary is the PC case in which it is running. The module is enclosed in a removable PC cover, which.
- VPN connection initiated to Cisco ASA, which redirects to the Duo Access Gateway for SAML authentication
- AnyConnect client performs primary authentication via the Duo Access Gateway using an on-premises directory (example)
- Duo Access Gateway establishes connection to Duo Security over TCP port 443 to begin 2FA
A VPN extends a corporate network through encrypted connections made over the Internet. Because the traffic is encrypted between the device and the network, traffic remains private as it travels. An employee can work outside the office and still securely connect to the corporate network. Even smartphones and tablets can connect through a VPN.
To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory ("First Fixed").
Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.
To use this service you need internet connectivity, DUO Two-factor Authentication, and a Cisco VPN Client. This service is limited to BNL employees only.
The VPN service allows BNL employees secure remote access to the Brookhaven internal network through their own personal Internet Service Provider, so that it appears as if their home computer is right on the BNL internal network.
You must have some form of high-bandwidth network connectivity. Known local carriers that work with the BNL Cisco VPN service include Optimum Online, Verizon DSL and FIOS services. You should be able to connect to the BNL campus from any off-site location.
To use this service, users must use DUO Two-factor Authentication and properly configured VPN client software on their computer.
Desktop Cisco VPN Client
The Desktop Cisco VPN Client allows remote users to securely access the Brookhaven internal network through their own personal Internet Service Provider, so that it appears as if their home computer is right on the BNL internal network.
See VPN login instructions using Duo Two-factor authentication at Brookhaven Lab.
Operating system: Windows, Mac OS X 10.4 and 10.5, Solaris UltraSPARC, Linux (Intel)
Cisco Systems VPN Client is a software application for connecting to virtual private networks based on Internet Key Exchange version 1.
On July 29, 2011, Cisco announced the end of life of the product. No further product updates were released after July 30, 2012, and support ceased on July 29, 2014. The Support page with documentation links was taken down on July 30, 2016, replaced with an Obsolete Status Notification.
Availability and compatibility
The software is not free but is often installed on university and business computers in accordance with a site-license. As with most corporate licenses, administrators are allowed to freely distribute the software to users within their network.
The open-source vpnc client can connect to most VPNs supported by the official client.
VPN Client 4.9.01.0230 beta added support for Mac OS X 10.6. Stable version 4.9.01.0180 appears to lack that support; 4.9.00.0050 explicitly did not support versions of Mac OS X later than 10.5.
VPN Client 5.0.07.0290 added support for 64-bit versions of Windows Vista and Windows 7.
Cisco VPN Security
The client uses profile configuration files (.pcf) that store VPN passwords either hashed with type 7, or stored as plaintext. A vulnerability has been identified, and those passwords can easily be decoded using software or online services. To work around these issues, network administrators are advised to use the Mutual Group Authentication feature, or use unique passwords (that aren't related to other important network passwords).
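A profile audit for the stored-password problem described above, as an added example that is not part of the original page or any Cisco tooling. The key names (GroupPwd, enc_GroupPwd, UserPassword, enc_UserPassword, SaveUserPassword, AuthType), the "!" read-only prefix and the AuthType value 5 for Mutual Group Authentication are assumptions drawn from the commonly documented .pcf format; the sample profile is constructed.

```python
import configparser

# Constructed sample profile (not a real configuration). Key names follow the
# Cisco VPN Client .pcf format as commonly documented; they are not on this page.
SAMPLE_PCF = """[main]
Description=constructed sample
Host=vpn.example.org
AuthType=1
GroupName=staff
GroupPwd=
enc_GroupPwd=0123ABCD
!SaveUserPassword=1
UserPassword=
enc_UserPassword=
"""

SECRET_KEYS = ("GroupPwd", "enc_GroupPwd", "UserPassword", "enc_UserPassword")

def audit_pcf(text):
    """Return findings for one .pcf profile. Secret values are never echoed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"unparseable profile: {type(exc).__name__}"]
    if not parser.has_section("main"):
        return ["no [main] section: not a recognisable profile"]
    # A leading "!" marks a key read-only for the user; strip it before lookup.
    main = {k.lstrip("!"): v.strip() for k, v in parser["main"].items()}
    findings = []
    for key in SECRET_KEYS:
        if main.get(key.lower()):
            kind = "obfuscated" if key.startswith("enc_") else "plaintext"
            findings.append(f"{key}: {kind} secret stored in profile")
    if main.get("saveuserpassword") == "1":
        findings.append("SaveUserPassword=1: user password is kept on disk")
    # Assumption: AuthType 5 selects Mutual Group Authentication, the setting
    # the page recommends; any other value relies on the shared group secret.
    group_secret = main.get("grouppwd") or main.get("enc_grouppwd")
    if group_secret and main.get("authtype", "1") != "5":
        findings.append("AuthType is not 5: group secret in use without mutual group authentication")
    return findings

if __name__ == "__main__":
    for finding in audit_pcf(SAMPLE_PCF):
        print("FINDING:", finding)
```

Run it over every distributed profile before rollout; any finding means the profile carries a recoverable secret and that secret should be unique to the VPN group.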
- Cisco ASA, the product line that replaced Cisco VPN Concentrator on the server side