Q&A: SSL VPN Security
by Mirko Zorz - Monday, 28 July 2008.
IPsec VPNs are particularly suitable when connecting two office locations, such as a branch office to the corporate office. All the users at a branch office can use the IPsec VPN tunnel to access the corporate location. SSL VPNs provide the following benefits:
  • No client software needed. Only a standard browser (Internet Explorer, Firefox, Safari, etc.) is required. Makes it easy-to-use for end-users.
  • Fine-grained access control. Access can be granted to each user to only specific applications. For example, access by finance employees can be restricted to financial applications and data. Granularity includes by time of day, day of week, user group, by application or resource group.
  • Capacity expansion as needed, including instantaneous increase for business continuity during disaster-recovery periods.
  • Integration with authentication infrastructure, such as Active Directory, LDAP, RADIUS, and multi-factor authentication, such as smart cards and RSA tokens. For example, can integrate with User Groups and Group Policy Objects in Active Directory.
  • Dramatically reduced deployment and upgrade costs. Administrators install and update/upgrade at only the central location.
  • Much improved security with ‘host checks’ for required security posture of both managed and extranet end-points. A vendor’s computer, for example, must have up-to-date anti-virus signatures before it will be permitted access to the approved applications for that vendor.
  • Ease-of-installation, typically in a couple of hours or less, and ease-of-administration, changing access policies and installing or modifying services (i.e., access to applications).
  • Lower capital cost, since only one appliance is needed. Where needed, full site-to-site connectivity can be implemented using two appliances, in addition to providing secure remote access for individuals using the same appliances.
  • Secure encrypted communications from public locations such as wireless hotspots at cafes, hotels and airports. All data is encrypted by the browser on the host computer, precluding eavesdropping at wireless hotspots, and even by (god forbid) spyware on the host computer!
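
The access decision the list above describes (user group, application, time of day, day of week, and a host check on anti-virus signatures) can be sketched as a default-deny policy evaluator. This is an added example, not code from the interview or from any vendor's product; the rule fields, group and resource names, and the one-day signature threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional

@dataclass(frozen=True)
class Rule:
    group: str             # user group, e.g. resolved from the directory
    resource: str          # application or resource group
    days: frozenset        # permitted weekdays, Monday == 0
    start: time            # window start (inclusive)
    end: time              # window end (exclusive)
    max_av_age: timedelta  # oldest acceptable anti-virus signature set

@dataclass(frozen=True)
class Session:
    user_groups: frozenset
    av_signatures_updated: Optional[datetime]  # None: host check found no AV

WEEKDAYS = frozenset(range(5))
# Constructed sample policy (hypothetical names and thresholds).
POLICY = (
    Rule("finance", "finance-apps", WEEKDAYS, time(7), time(19), timedelta(days=1)),
    Rule("vendor-acme", "vendor-portal", WEEKDAYS, time(9), time(17), timedelta(days=1)),
)

def decide(session, resource, now, policy=POLICY):
    """Return (allowed, reason). Access is denied unless a rule fully matches."""
    reason = "no rule grants this group access to the resource"
    for rule in policy:
        if rule.resource != resource or rule.group not in session.user_groups:
            continue
        in_window = now.weekday() in rule.days and rule.start <= now.time() < rule.end
        if not in_window:
            reason = "outside permitted day/time window"
            continue
        updated = session.av_signatures_updated
        if updated is None or now - updated > rule.max_av_age:
            reason = "host check failed: anti-virus signatures missing or stale"
            continue
        return True, "allowed by rule for group " + rule.group
    return False, reason

if __name__ == "__main__":
    monday = datetime(2008, 7, 28, 10, 0)
    vendor = Session(frozenset({"vendor-acme"}), datetime(2008, 7, 20, 8, 0))
    print(decide(vendor, "vendor-portal", monday))  # stale signatures: denied
```
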


What do you think is going to be the next milestone in the development of SSL VPN products?

SSL VPNs will evolve with expanded host checks and more granular application of access policies depending on the security posture of each end-point. SSL VPNs are deployed today as ‘proxy appliances’, not at the gateway. They will incorporate more gateway-like features, including firewall and anti-malware scanning. Perhaps the most important technology that will be integrated into SSL VPNs is bandwidth acceleration to provide seemingly higher capacity and response times. Already easy to deploy and administer, we expect SSL VPNs will further improve on their ease-of-use and ease-of-administration.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.