Tech Primer
SSL VPN
What is a SSL VPN?
SSL VPN (Secure Sockets Layer-Virtual Private Network) is a browser-based remote
access security solution that extends the reach of enterprise applications to
mobile workers, telecommuters, partners and customers.
How does SSL VPN differ from IPSec?
IPSec does not work in an extended enterprise network and is best suited for
site-to-site VPNs. Both IPSec and SSL can provide secure access to network applications,
but they operate in different ways. IPSec is typically used in conjunction with
IKE (Internet Key Exchange) for key management. IPSec supports multiple
encryption algorithms (AES, DES, 3DES, RC4) and multiple integrity mechanisms
(MD5, SHA1), as well as authentication via X.509 certificates for network and
applications. IPSec works at layer 3 (the network layer) of the OSI stack to
encapsulate normal IP packets. IPSec VPNs can sometimes increase security
risk because they create a tunnel between two points, providing direct (non-proxied)
access that is fully visible to the entire network. SSL VPN, on the other hand,
provides detailed access control, making it easy to allot access privileges
to different users depending upon their needs and authority. This kind of fine-grained
authorisation is often impossible in IPSec VPNs, or at best difficult and not
scalable.
How does this technology work?
It runs on layer 4 (the transport layer) of the OSI model. When a client establishes
an SSL-connection handshake with a server, the server is first authenticated
by the client, which verifies that the server's certificate and public ID
are valid and have been issued by a trusted certificate authority. The
client and the server then negotiate and select cryptographic algorithms that they
both support. The client is then authenticated by the server, and an encrypted
SSL connection is established.
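The handshake just described, carried out in code, as an added Go example that is not part of this primer or of any vendor's product. A gateway (the made-up name vpn.example.internal) and a remote user (alice@example.internal, also made up) each hold a throwaway self-signed certificate generated in-process, and the two sides talk over the loopback interface. Three runs show the steps in order: with no trust anchor for the gateway, server authentication fails and the connection never carries data; with the gateway trusted and the user presenting a certificate, both sides agree on a cipher suite and the gateway learns the user's identity; with the gateway trusted but no user certificate, the gateway refuses the connection. In deployed products the client is frequently authenticated with a username and password or a token sent over the already-established SSL connection rather than with a client certificate; certificate-based client authentication is used here because it is the form the handshake itself provides.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// selfSigned builds a throwaway certificate for cn in-process so the example runs
// offline; a real gateway would present a certificate issued by an enterprise CA.
func selfSigned(cn string, usage x509.ExtKeyUsage) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{usage},
	}
	if usage == x509.ExtKeyUsageServerAuth {
		tmpl.DNSNames = []string{cn} // the name the client checks the certificate against
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Handshake runs one TLS handshake over loopback between a gateway (hypothetical name
// vpn.example.internal) that requires client certificates and a user whose self-signed
// certificate stands in for one issued by an enterprise CA. It returns each side's
// handshake error, the negotiated cipher suite and the client identity the gateway saw.
func Handshake(trustGateway, presentCert bool) (clientErr, serverErr error, suite uint16, clientCN string) {
	gateway := selfSigned("vpn.example.internal", x509.ExtKeyUsageServerAuth)
	user := selfSigned("alice@example.internal", x509.ExtKeyUsageClientAuth)
	clientCAs := x509.NewCertPool()
	clientCAs.AddCert(user.Leaf)
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{gateway},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    clientCAs,
		MinVersion:   tls.VersionTLS12,
	}
	// An empty RootCAs pool means "trust nothing" rather than falling back to the system roots.
	clientCfg := &tls.Config{ServerName: "vpn.example.internal", RootCAs: x509.NewCertPool(), MinVersion: tls.VersionTLS12}
	if trustGateway {
		clientCfg.RootCAs.AddCert(gateway.Leaf)
	}
	if presentCert {
		clientCfg.Certificates = []tls.Certificate{user}
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverCfg)
	must(err)
	defer ln.Close()
	done := make(chan struct{})
	go func() { // gateway side
		defer close(done)
		conn, err := ln.Accept()
		must(err)
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(5 * time.Second))
		srv := conn.(*tls.Conn)
		if serverErr = srv.Handshake(); serverErr != nil {
			return
		}
		if peers := srv.ConnectionState().PeerCertificates; len(peers) > 0 {
			clientCN = peers[0].Subject.CommonName // the authenticated user identity
		}
	}()
	// Browser side: tls.Dial performs the full handshake before returning.
	cli, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", ln.Addr().String(), clientCfg)
	if clientErr = err; err == nil {
		suite = cli.ConnectionState().CipherSuite
		defer cli.Close()
	}
	<-done
	return
}

func main() {
	_, _, suite, cn := Handshake(true, true)
	fmt.Println("mutual auth:", tls.CipherSuiteName(suite), cn)
	ce, _, _, _ := Handshake(false, true)
	_, se, _, _ := Handshake(true, false)
	fmt.Println("untrusted gateway:", ce, "\nno client certificate:", se)
}
```

The run a defender should look at first is the untrusted-gateway case: the client ends the handshake with an unknown-authority error instead of opening a connection, which is precisely what the trusted-certificate-authority check in the text buys.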
What are its advantages?
SSL VPN leverages the pervasive nature of the browser and its in-built SSL client
to provide secure, client-less access to resources on the corporate network. SSL
VPN technology provides application access from outside the corporate firewall.
A flood of products built on existing Web-switching platforms has created a
market for SSL-based remote access. The technology provides client access options,
control, and security. Client installation and configuration are simpler, and
it offers strong security for remote access using a secure, proxied connection
to those resources that a user is authorised to access. As a result, users never
have a direct network connection, which is safer. Split tunnelling, or the ability
for an end-user to have access to the Internet and internal corporate resources
simultaneously, can be controlled with an SSL VPN.
SSL is easier to deploy than IPSec because many corporate firewalls already
pass SSL traffic on account of it being the most popular encryption mechanism
for e-commerce transactions. SSL traffic can seamlessly pass through Network
Address Translation (NAT), whereas IPSec requires special handling. Significantly,
SSL VPN gives administrators per-user access control to a strictly specified
list of applications.
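The per-user, per-application control described in the two paragraphs above, as an added Go example (not from this primer or from any product): a default-deny policy keyed on the authenticated user's group memberships and evaluated for every proxied connection, with a split-tunnelling flag per group; alongside it, for contrast, the prefix check that an IPSec-style tunnel amounts to once a route exists. Users, groups, host names and the 10.0.0.0/8 prefix are constructed sample data.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Application is one resource published through the gateway: a host and a TCP
// port. The gateway proxies to it; the user never receives a route to the network
// it lives on.
type Application struct {
	Name string
	Host string
	Port int
}

// Policy maps groups to the applications their members may reach, and records
// whether each group may keep a direct Internet path open while connected.
type Policy struct {
	Apps        map[string][]Application
	SplitTunnel map[string]bool
}

// Decision is produced for every connection attempt and is what an operator would
// write to the audit log.
type Decision struct {
	Allowed bool
	Reason  string
}

// Authorize is the SSL VPN model: identity-bound, default-deny, per-application.
// groups come from the authentication step; host and port are the proxied target.
func (p Policy) Authorize(user string, groups []string, host string, port int) Decision {
	for _, g := range groups {
		for _, app := range p.Apps[g] {
			if strings.EqualFold(app.Host, host) && app.Port == port {
				return Decision{true, fmt.Sprintf("%s -> %s:%d allowed: %s via group %s", user, host, port, app.Name, g)}
			}
		}
	}
	// Nothing matched, so deny. There is no "and the rest of the subnet" case,
	// which is what distinguishes this from a network-layer tunnel.
	return Decision{false, fmt.Sprintf("%s -> %s:%d denied: no application published to %v", user, host, port, groups)}
}

// SplitTunnelAllowed grants split tunnelling only when every group the user
// belongs to permits it, so the most restrictive membership wins.
func (p Policy) SplitTunnelAllowed(groups []string) bool {
	if len(groups) == 0 {
		return false
	}
	for _, g := range groups {
		if !p.SplitTunnel[g] {
			return false
		}
	}
	return true
}

// TunnelReachable models the network-layer alternative for contrast: once an
// IPSec-style tunnel is up, any address inside the routed prefixes is reachable on
// any port, and the check knows nothing about the user or the application.
func TunnelReachable(routed []*net.IPNet, ip net.IP) bool {
	for _, n := range routed {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// samplePolicy is constructed data: two groups and three published applications.
func samplePolicy() Policy {
	return Policy{
		Apps: map[string][]Application{
			"finance":     {{"ERP web front end", "erp.corp.example", 443}},
			"engineering": {{"Source control", "git.corp.example", 443}, {"Build server", "ci.corp.example", 8443}},
		},
		SplitTunnel: map[string]bool{"finance": false, "engineering": true},
	}
}

func main() {
	p := samplePolicy()
	fmt.Println(p.Authorize("alice", []string{"finance"}, "erp.corp.example", 443).Reason)
	fmt.Println(p.Authorize("alice", []string{"finance"}, "git.corp.example", 443).Reason)
	fmt.Println(p.Authorize("bob", []string{"engineering"}, "erp.corp.example", 22).Reason)
	fmt.Println("carol may split-tunnel:", p.SplitTunnelAllowed([]string{"finance", "engineering"}))
	// The same requests seen by a network-layer tunnel that routes 10.0.0.0/8:
	// any member reaches any host and port inside the prefix.
	_, corp, _ := net.ParseCIDR("10.0.0.0/8")
	fmt.Println("tunnel reaches 10.0.12.7:22:", TunnelReachable([]*net.IPNet{corp}, net.ParseIP("10.0.12.7")))
}
```

Every Decision carries a reason string so that denied attempts are logged with the user, the target and the groups that were evaluated; a burst of denials for one user against hosts that are not published to them is the kind of signal a network-layer tunnel cannot produce, because there the decision was made once, at tunnel setup.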
What is the future of SSL VPN?
SSL VPN is emerging as a viable alternative to a full-blown (IPSec) VPN, and it
is particularly suited to the needs of mobile workers and to extranet applications
where secure, controlled access to a specific set of applications is required.
When used in this fashion, SSL VPN is easier to deploy and maintain than a traditional
IPSec VPN. However, when network layer access is granted via an SSL connection,
all the security and control advantages of an SSL VPN are lost. Nonetheless, SSL VPN
vendors claim that network layer access can be achieved using a small-footprint
downloadable ActiveX or Java application.
Who is providing these solutions in India?
Aventail, Juniper, Cisco, NetScaler, Nortel and Symantec are some of the vendors
offering these solutions in the country.
For more information visit findvpn.com/articles/