
Sophos Connect disable option to save credentials

Hi folks,

with the EOL of the Sophos SSL VPN Client, I will migrate all my VPN users to the new Sophos Connect client.

With the old client the users were always prompted for their credentials upon vpn connection initiation.

On the new Sophos Connect client it's possible for them to store their credentials, which I don't like and think is bad in terms of security.

Is there some option or possibility to disable this?

I found in this Sophos doc an option for a provisioning file, but I think this will only work with the XG Firewall. Also, (auto)provisioning is not possible with UTM, so a registry setting, ovpn config file editing or similar would be great!

(https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/SConProvisioningFile.html)

Thanks!



  • Why is the saving of credentials a bad behavior for users? You use OTP right? 


  • It is simply ALWAYS bad to store credentials...

  • What is the issue of storing encrypted credentials? Combining them with OTP seems to be a good approach to me. 

    Storing plain credentials is insecure. But storing encrypted credentials is fine to me. Or are tools like LastPass, KeePass etc. insecure and bad practice? 


  • Sure, no problem if it is fine for you. I am not going into a principled discussion on this one and would prefer to get back on topic.

    I plainly asked if there is a way to disable it. And since there is an option for XG, it should somehow be possible.

    Thank you for your input.

  • As far as I know, it is not possible with a UTM. You need to migrate to SFOS to use this feature, as it is a feature of the .pro config file. This .pro does not use OpenVPN; instead it connects to the firewall (SFOS) and generates/downloads the config file for the user. 

    UTM only uses a per-user config file (ovpn). 

    And I came up with more examples for my point: What about Azure AD? It stores your password and reuses it with cookies to re-sign in. Is it insecure? 
