SSL VPNs - You Can't Afford to Ignore Them
by Calum Macleod - Netilla Networks Ltd - Tuesday, 10 February 2004
A favourite argument for the IPsec fraternity is that IPsec is more secure because of advanced cryptographic algorithms, etc. In practice the frequently complex design, married with a myriad of acronyms and settings that most of us cannot understand, gives it a very soft underbelly. How many IT administrators have installed IPsec VPNs by simply selecting the "default" option on the many settings that have to be defined? For all we know we could be setting all security to the Off position, and telling our management board that we're bomb proof because our IPsec VPN supports AES - It may well do, but it's not doing us much use if we switched it off by default - Suggest you go and check just to be on the safe side!

SSL on the other hand is simple and straight forward - Excellent authentication to get the process going, including client side certificates if you want to get ambitious, seamless negotiation of the encryption to be used during the session, and all the necessary bits and bobs to protect against the evil man-in-the middle, and all built into the users PC when they start their browser!

The Clincher

The real benefit of the SSL VPN is that it uses the ubiquitous browser that is found on virtually every machine today. Regardless of how limited one's IT know-how might be you would be hard pressed to find a user who has not used the browser.

So just imagine that you believed what was written on the tin, and then found that it wasn't there when you opened it. Well you may end throwing your tin back at the vendor who sold it to you, but as far as you're users go, the browser is still the browser. Imagine carrying out several IPsec pilots with different vendors. Each time you did so you would be removing and reinstalling client software. The beauty of the SSL approach is you can test as many vendors as you like, and although they all differ in some ways, and some offer less functionality than others, they all have one thing in common - their "VPN client" is the browser!

Oh Yes - the Peripheral Issues

Whatever it is that comes on the market today, and revolves around security, whether it be anti-virus, authentication tokens, personal firewalls, secure desktops, you name it; all these products are designed to work with a particular application called the browser. Is there a more secure foundation on which to build your secure access infrastructure than the browser, and you can tell your management you've already deployed it! Nothing stands still in this industry and SSL VPNs are accelerating remote access in ways that we could not even imagine two or three years ago. Suggest you check it out.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th