Q&A: SSL VPN Security
by Mirko Zorz - Monday, 28 July 2008.
Max Huang is the founder and Executive Vice President of O2Micro and President for O2Security, a subsidiary company of O2Micro. In this interview he discusses the importance of SSL VPNs in the overall security architecture, the difference between IPSec and SSL VPNs as well as the future of SSL VPNs.

In your opinion, how important are SSL VPN appliances in the overall security architecture?

As remote access facilitators, SSL VPN appliances are an essential ingredient to implementing network security. Today’s businesses with operations (whether in-house or out-sourced) worldwide must enable increased productivity among its employees by providing access to the corporate data and tools for its mobile workforce, including the sales force and field service personnel, and the increasing numbers of employees who telecommute or require after-hours access to communicate with geographically dispersed operations.

SSL VPN appliances are also important to disaster-recovery planning and business continuity. Very often, natural calamities cause increased demands on IT infrastructure by affected and concerned customers – precisely when the companies’ employees are unable to respond. Businesses must quickly relocate critical functions to alternate locations (including employees working from home) and must expand IT capacity while ensuring security.

Secure remote access can be achieved both with IPSec and SSL VPNs. What are the benefits of using SSL VPNs over IPSec?

To connect to an IPsec VPN, an individual user must install corresponding IPsec client software. This places a major burden on the IT department during initial deployment, as well as for upgrades. Furthermore, IPsec technology cannot handle ‘NAT Traversal’; frequently end-users cannot connect easily using IPsec VPN from hotel rooms, or public locations such as airports and cafes. Similar problems exist when providing secure access to business partners (suppliers, resellers, customers, professional services like lawyers and auditors).


eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Dec 18th