"SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC." Thanks to WIFI networks it take a little more to secure your VPN. Mutual authentication can help by validating a user to a site and the site is validated to the user. Why do this? Because this will protect against the man-in-the-middle attack. Is is the only way or is there other ways like using a LDAP server to preform the same thing.

SSL-based VPNs were designed to eliminate the need for complex configurations on the user's PC. Unfortunately, that was before the dangers of public WiFi networks and tougher regulatory requirements came into being. Thanks to WiFi, many attacks that were difficult are now quite simple. In particular, a man-in-the-middle attack can intercept SSL-encrypted traffic, rendering SSL-based VPNs useless - even if it's protected by a typical one-time password system. The man-in-the-middle can easily feed the one-time password into the SSL-based VPN within the allotted time.

The link for this article located at HowToForge is no longer available.