Posted on 07-24-2015 08:05 AM
We have a Cisco VPN solution and a new pcf file was created.
PCF files contain all the info required to establish the VPN, the issue is that the group password/secret is encrypted and the Mac OS requires it to be applied in plaintext, and it is a security issue for Cisco guys to provide it to us.
How do you guys work around this issue? Do you just ask them to come and type in the secret while no one is watching (non technical solution)?
Posted on 07-24-2015 08:08 AM
That's going to be a political question they either trust you or they don't. However if you have the PCF file and are industrious there are numerous sites that will decrypt the Cisco encrypted password.
Posted on 07-24-2015 08:18 AM
Yeah...I figured it will be a trust issue. I was just wondering if there are any technical solutions besides cracking the pcf file. Oh well. :(
Posted on 07-24-2015 08:21 AM
you used to be able to import a pcf file into OS X its been so long since I had a Cisco VPN though I have not tried in years. Why have guilt about cracking it? Any employee with the file can do it. The security better not be in the one piece of information that is widely known how to obtain, it better be in strong user passwords and/or 2 factor authentication.
Posted on 08-08-2015 12:11 AM
@Vitamin-Z i've not been able to use a .pcf with the built in Cisco VPN since 10.6.
I had to crack the file, but once done I wrapped it all up in a config profile & deployed via the JSS.
With this being signed etc, it is MORE secure than the PCF. As it's much much harder to crack/get hold of once deployed.
So like @nessts says, why have guilt?