VanDyke Software Forums

Go Back   VanDyke Software Forums > SecureCRT 5.1/SecureFX 3.1/VShell 2.6 Beta
User Name
Password
FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Display Modes
  #1  
Old 06-17-2005, 10:56 AM
packet46 packet46 is offline
Registered User
 
Join Date: Jun 2005
Location: UK
Posts: 7
Just a thought...

A lot of network equipment that is manufactured these days has a web interface. Like, Nokia FW's and various VPN Concentrators.

Seeing as how the code for these web interfaces is held locally on the network device, would it not be a good idea for SecureCRT to offer a HTTP/S interface to network devices that are so enabled?

I think it would be really good if you can have a console session to a network node, like a Nokia FW, on one tab and also a secure web browser interface to run the Nokia Voyager application on another.

Like with a Nokia (and I know I'm banging on a bit here..) you cannot edit the routing table via the console session, only through the Voyager interface which is HTTP/S only.

I see this as an excellent step for Van Dyke to gain more market share over network products.

Anyone agree/disagree?
  #2  
Old 06-17-2005, 12:34 PM
dcomo's Avatar
dcomo dcomo is offline
Registered User
 
Join Date: Mar 2004
Location: New York
Posts: 124
Interesting thought, however I feel that it is impractical. If this was going to happen, I would imagine that VanDyke would implement a browser rather than write one from scratch. (They could use Mozilla or rely on the Internet Explorer libraries to achieve such as task.)

However, the software would then 'bloat' and be sucseptable to vulernabilities within the implemented software.

I personally manage a slew (600+) devices which many have different configuration interfaces. Yes, most of them are SSH-based, however I do have the occasional web-based interface that uses HTTPS. I don't mind firing up Firefox for said case.

I love SecureCRT how it currently is, nice and lean. I'd really prefer not to see a browser built into it.

That's my 2 cents...
__________________
Drew J. Como
Highland Visuals & Graphic Design
  #3  
Old 06-17-2005, 02:01 PM
MrC MrC is offline
Registered User
 
Join Date: Mar 2004
Posts: 216
I would disagree with such a direction as well. It is critical that SecureCRT/CRT remain foremost secure, and as fast and lean as possible.

There are already excellent, fully capable browsers that can be used.

Personally, I don't understand this drive to cram all functionality into all apps. Each application has its place, strenghts, and weaknesses.

If you really need to see your applications under one roof (so to speak), perhaps you can consider getting a virtual screen manager, and place all you SecureCRT sessions and appliance console browser sessions on a single virtual screen. Then, just pretend that the bottom of your monitor is your tabbed window (the Windows taskbar): Voila!, everything under one tabbed interface! :-)

Seriously, the minor convenience gain vs. the risks, feature bloat, expanding beyond VanDkye's core skills and loss of focus in my opinion would be an unworthy and unwise undertaking.

Just my 2c also.
  #4  
Old 06-17-2005, 03:25 PM
toloughlin's Avatar
toloughlin toloughlin is offline
Senior Member
 
Join Date: Feb 2004
Location: Nashua, NH
Posts: 378


In addition, if you try to implement a web tab, what happens to the emulation of the other tabs? Should the new https tab take control of the emulation? Unfortunately I feel that this may be somewhat of an unnecessary feature.
Then again, I've been known to be completely wrong
__________________
----------------------------------------------
Tom O'Loughlin
  #5  
Old 07-05-2005, 05:45 AM
packet46 packet46 is offline
Registered User
 
Join Date: Jun 2005
Location: UK
Posts: 7
Hmmm....

I can sort of see your argument against vulnerability and bloatware exposure. But the "I want SecureCRT to stay just the way it is" argument is a little rooted in the past isn't it??

We're not talking servers here, just a web client. It can be written in house to minimalise security holes and keep the amount of code to a minimum. It can use open source and bolt that down.

Surely the power & performance of the local host will control the application function and not the application itself? Assuming the applet is written correctly and manages CPU cycles and memory associations correctly.

As for emulation compatabilities, the web client would be running in it's own environment on the local host. So a connections to server A from client B running on SSH and HTTPS will not combat each other. They are separate TCP flows to the same IP address.

I just think it allows the application to be THE application of choice for network and system administrators by offering more functionality to a wider degree of devices.

I do not include netbios or CIFS based servers here, just network nodes.

Life goes on...maybe I'll write something similar...

Cheers.
  #6  
Old 07-05-2005, 07:29 AM
bocks's Avatar
bocks bocks is offline
VanDyke Customer Support
 
Join Date: Jan 2004
Location: Albuquerque, NM
Posts: 184
Quote:
Originally Posted by packet46
Seeing as how the code for these web interfaces is held locally on the network device, would it not be a good idea for SecureCRT to offer a HTTP/S interface to network devices that are so enabled?

I think it would be really good if you can have a console session to a network node, like a Nokia FW, on one tab and also a secure web browser interface to run the Nokia Voyager application on another.

Like with a Nokia (and I know I'm banging on a bit here..) you cannot edit the routing table via the console session, only through the Voyager interface which is HTTP/S only.
This is a feature that has been requested before. If you would like to have your contact information added to the feature request for HTTP/HTTPS support to be added to SecureCRT, I just need to get yur contact information.

Rather than post it here on the Web, please send a message to Support@vandyke.com with a subject of Attn: Shannon Re: Forum thread ID 842

Once I get your message, I will add your contact information to the feature request so that we will be able to notify you if a future release of SecureCRT contains this ability.

Thanks,

-bocks
  #7  
Old 07-05-2005, 09:02 AM
packet46 packet46 is offline
Registered User
 
Join Date: Jun 2005
Location: UK
Posts: 7
I apologise if I am being too demanding here, buut sometimes idea's just hit me and I note them down.

Here's another....

Recently I set up a couple of site-to-site VPN tunnels for a client of mine. Now a few years ago, I worked with VPN Concentrators (Cisco, Nortel, Juniper) when the IPSEC config was laboured and tricky. Now it is very, very simple to build such a tunnel. Normally, the default settings for Phase 1 (IKE) and Phase 2 (IPSEC) of a VPN tunnel are used because they are so reliable.

Only a pre-shared key need be configured at either end for authentication.

Building on my previous post of harnessing all that wasted processing power on your average desktop/laptop computer, could VanDyke not create a default settings connection type of "VPN".

Really this would require one screen which had Phase 1 and Phase 2 settings options.

In my mind, as long as the 'Perfect Forward Secrecy' [PFS] option was not used (this encrypts the IP header and makes routing on internal corporate LAN's difficult) then using SecureCRT with this function would enable client to server VPN tunnels to be constructed for remote maintenance and would negate the need for expensive over priced "VPN Concentrators" and would endear VanDyke into the hearts of many a network / sysadmin.

Obviously there would be other things to think about but I will happily get involved with the testing of such a function.

Cheers
Dave H
  #8  
Old 07-05-2005, 09:27 AM
gan's Avatar
gan gan is offline
Registered User
 
Join Date: Mar 2005
Location: Norway
Posts: 87
Quote:
Originally Posted by packet46

Recently I set up a couple of site-to-site VPN tunnels for a client of mine. Now a few years ago, I worked with VPN Concentrators (Cisco, Nortel, Juniper) when the IPSEC config was laboured and tricky. Now it is very, very simple to build such a tunnel. Normally, the default settings for Phase 1 (IKE) and Phase 2 (IPSEC) of a VPN tunnel are used because they are so reliable.

Only a pre-shared key need be configured at either end for authentication.

Building on my previous post of harnessing all that wasted processing power on your average desktop/laptop computer, could VanDyke not create a default settings connection type of "VPN".

Really this would require one screen which had Phase 1 and Phase 2 settings options.

In my mind, as long as the 'Perfect Forward Secrecy' [PFS] option was not used (this encrypts the IP header and makes routing on internal corporate LAN's difficult) then using SecureCRT with this function would enable client to server VPN tunnels to be constructed for remote maintenance and would negate the need for expensive over priced "VPN Concentrators" and would endear VanDyke into the hearts of many a network / sysadmin.

Obviously there would be other things to think about but I will happily get involved with the testing of such a function.
I'm not sure if i understand exactly what you request, but every vendor got their own implementation of VPN and their own features. That's why every major vendor got their own client as well. So then vandyke would have to create software for both the client and server end to make it work. I cannot see how that would be helpful in any way. If you need a secure connection they already got products that support SSH like vshell, etunnel and securecrt that i believe will to what you request except it's not IPSec. Also a lot of network equipment like most cisco routers support ssh as well to connect directly to the equipment.

Cheers

Last edited by gan; 07-05-2005 at 09:30 AM.
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 06:42 PM.


copyright 1995-2017 VanDyke Software, Inc.