|
| Recent
Articles |
ISDN Details You Must Know
CCNA exam success depends partially on knowing the details of ISDN, and there are plenty of them! To help you review for your CCNA exam, here are a few ISDN details that you must know on exam day. (They help...
Master Route Redistribution
To be successful on the BSCI exam and in earning your CCNP, you've got to master route redistribution. This isn't as easy as it sounds, because configuring route redistribution is only half the battle. Whether it's on...
Tips For Terminal Servers
Here's a list of tips to help ensure your Terminal Servers are functioning as efficiently as possible. These are rules I always abide by. Have a look, they may help you too... 1.) Sort your profiles out. Profiles are the biggest cause of slow logons and many other issues in Terminal...
Cisco CCNP / BSCI: Using The OSPF Command...
Your BSCI and CCNP exam success depends on knowing the details, and one such detail is knowing the proper way to summarize routes in OSPF. Route summarization is not just a test of your binary conversion abilities...
OSPF Route Redistribution Review
OSPF route redistribution is an important topic on the BSCI exam, and its a topic full of details and defaults that you need to know for the exam room and the job. To help you pass the BSCI exam, heres a quick...
|
 |
|
04.09.07
The Rise Of SSL VPNS
By Ian Kilpatrick
The growth of Secure Sockets Layer virtual private networks (SSL VPNs) has accelerated in the last 12 months due to greater awareness among users of the commercial advantages, better marketing which focuses on benefits rather than technology, and improved security features.
The ultimate goal of SSL VPN technology is to allow controlled, secure and managed access to any application, from any device and from any location. Early implementations had some limitations such as user account information not being cleared down from the browser after user sessions, no support for dynamic port assignment, support only for web-enabled applications, and no strong authentication of the user or the access device.
All of these, and other concerns, have been addressed as SSL technology has matured. Recent enhancements, for example, include the integration of user authentication. Many SSL VPN vendors offer, or are planning to offer, integrated third party strong authentication products such as those from VASCO and RSA. Netilla, from AEP Networks, and FirePass, from F5, both natively embed VASCO user authentication with their SSL VPN offerings.
The addition of "client integrity" is another significant step forward for SSL VPNs. Client integrity involves the scanning of the client access device to check for trojans, viruses, etc. and scanning to check if the device has the latest Microsoft security patches installed. This checking ensures that the device is "safe" and traffic from the device can be passed to the server side. Aventail, through their integration with Check Point's Zonelabs personal firewall, and Array Networks are two SSL VPNs which have implemented this feature.
An SSL appliance would normally sit behind the firewall taking all traffic from Port 443. Some SSL appliances have built-in firewalls that specifically protect the SSL device and can therefore sit in front of the firewall. Putting an SSL appliance in front of the firewall, without its own protection, leaves it open to potential hackers. As no client-side software is required, user security issues relate primarily to authentication and access security.
As a result of the growth in popularity of SSL VPNs, many manufacturers are jumping on the bandwagon and releasing their own products. Early technology evangelists were Netilla from AEP Networks, Neoteris from Juniper, and Aventail. These were followed by many other vendors including Check Point, Whale Communications, NetScaler, Array Networks and Nokia, who all offer SSL solutions. To date, there are some 70 different vendors providing an SSL product, with many more in the pipeline.
Benefits of SSL VPNs
1. No client software required for accessing web-enabled applications
Benefit: deployment, management and administration extremely simple and effective
2. SSL is a de-facto standard
Benefit: interoperability between different vendors and applications
3. Included as default in a number of web browsers
Benefit: no client software costs
4. As commonly deployed, only servers require digital certificates to establish the encrypted session
Benefit: enormous reduction in the requirement to manage certificates
SSL VPN Disadvantages
1. Optional (as opposed to in-built) user authentication. This is a major security weakness.
Continue reading this article.
About the Author:
Ian Kilpatrick, chairman Wick Hill Group
|
