Secure Sockets Layer virtual private network
Secure Sockets Layer virtual private network (SSL VPN) is a form of VPN that runs on Secure Sockets Layer (SSL) technology and is accessible through a standard web browser. (In current deployments the underlying protocol is SSL's successor, Transport Layer Security (TLS); the name "SSL VPN" has persisted.) It permits users to establish secure remote-access sessions from virtually any Internet-connected browser. SSL sits between the Transmission Control Protocol (TCP) layer and the application-layer protocols. Corporate users can reach confidential applications or shared files from a standard web browser. The main benefit of SSL VPN technology is that access is tied to the user rather than to the device: any authorized user can log in from a web-enabled PC for secure remote access to confidential files. The security considerations are similar to those of SSL-based online credit-card transactions. For businesses, SSL VPN offers versatility, ease of use and secure remote access to telecommuters, partners and customers, who can reach the corporate network from many locations, including home, client networks, public kiosks and hotspots, and from varied devices such as laptops, mobile devices and home and public desktops. This "anywhere, any device" remote access is what sets SSL VPN apart from VPN solutions that require a pre-installed client on each device.

History and development

The concept of remote working originally grew out of the need to save an enterprise significant time, money and resources by letting an employee work regularly from home rather than travel to a distant office. The introduction of SSL VPN brought a big change in the transparency of remote-access solutions. A newer way of providing mobility, extranets and complex business relationships implied a departure from the traditional notion of insiders versus outsiders in an organization: trusted users rather than trusted connections became the norm for granting a user access privileges.
First-generation SSL VPNs

Security in first-generation SSL VPNs rested on the premise that every user connection must be treated as external and every user as untrusted until the user, not the device, had been authenticated and the privileges for that user and location had been determined. Network access was limited to web-based applications such as intranet websites. End users were authenticated and connected through a proxy-like SSL-enabled web server, through which enterprise web applications could be reached. Only limited resources were available and access was slow, but end users could connect from anywhere.

Second-generation SSL VPNs

As SSL VPNs matured, more types of secure-access solution were needed on the VPN platform. The first step was simple reverse-proxy devices supporting pre-authentication and URL rewriting, which proved more secure than the reverse-NAT first-generation devices: the gateway authenticates the user before any internal resource is touched, and rewrites the links in internal pages so that every subsequent request also passes through the gateway. Next came socket- or port-forwarding devices, which install client software that listens on a specific local port or socket, intercepts the application connections made to it, and forwards them to the SSL VPN gateway over an SSL link, where they are detunneled and delivered to the internal destination. The popularity of SSL VPNs has soared in recent years with the spread of high-speed Internet connections from homes, hotels and conference centres.

Operational overview

SSL VPNs leverage the ubiquity of Secure Sockets Layer (SSL) encryption, which is built into almost every web or WAP browser. Whereas IPsec works at the IP layer, SSL sits on top of a transport protocol such as TCP, so it can be used by an ordinary application such as a browser without changes to the host's IP stack. A secure-access product also offers mechanisms that add protection for the end user's system. First, it provides a host-checker facility that performs client-side checks on specific options: it verifies the existence and validity of files on the client system, such as an anti-virus scanner or a personal firewall, and it can also check specific Windows Registry settings. Because these checks run on the client, they report the client's own view of itself; they raise the bar for unmanaged or careless endpoints but cannot be relied on against a deliberately hostile one, and a failed or missing check should be treated as non-compliance.
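As an added illustration of the pre-authentication and URL-rewriting reverse proxy described above (example code written for this page, not any vendor's product): the gateway checks for a valid session before it resolves any internal resource, publishes only hosts on an allow-list so that it cannot be used as an open proxy into the network, and rewrites the links in an internal page so that the browser's next request also comes back through the gateway. The gateway name vpn.example.com, the /proxy/ path prefix, the internal host names, the session table and the sample page are all constructed.

```python
"""Toy model of a second-generation SSL VPN reverse proxy: pre-authentication
plus URL rewriting.  Added illustration; the gateway name, path prefix,
internal hosts, session table and sample page below are all constructed."""
import re
from urllib.parse import urlsplit, urlunsplit

GATEWAY_HOST = "vpn.example.com"                 # assumed public name of the gateway
PROXY_PREFIX = "/proxy/"                         # internal host X is published as /proxy/X/...
ALLOWED_HOSTS = {"intranet.corp", "files.corp"}  # only these hosts are reachable via the gateway
SESSIONS = {"s3cr3t-session-id": "alice"}        # constructed table of authenticated sessions


class Unauthorized(Exception):
    pass


class Forbidden(Exception):
    pass


def preauth(cookies):
    """Pre-authentication: the request must carry a valid gateway session
    before any internal resource is looked up, let alone contacted."""
    user = SESSIONS.get(cookies.get("vpnsession", ""))
    if user is None:
        raise Unauthorized("no valid gateway session")
    return user


def to_internal(gateway_path):
    """Map /proxy/<host>/<path> on the gateway back to http://<host>/<path>.
    The host segment must match the allow-list exactly, so the gateway cannot
    be turned into an open proxy towards arbitrary internal or external hosts."""
    if not gateway_path.startswith(PROXY_PREFIX):
        raise Forbidden("not a proxied path")
    host, _, path = gateway_path[len(PROXY_PREFIX):].partition("/")
    if host not in ALLOWED_HOSTS:
        raise Forbidden("host %r is not published through the gateway" % host)
    return "http://%s/%s" % (host, path)


def route(cookies, gateway_path):
    """Gateway decision for one request: ('allow', user, internal_url) or
    ('deny', None, reason).  Authentication is checked first on purpose."""
    try:
        user = preauth(cookies)
        return ("allow", user, to_internal(gateway_path))
    except (Unauthorized, Forbidden) as exc:
        return ("deny", None, str(exc))


def rewrite_url(url, origin_host):
    """Rewrite one URL found in an internal response so that the browser's
    next request goes to the gateway instead of directly to the intranet.
    Absolute URLs to hosts that are not published are left untouched, and so
    are path-relative links, which already resolve under the gateway path."""
    parts = urlsplit(url)
    if parts.netloc:                                   # absolute or protocol-relative URL
        if parts.scheme not in ("", "http", "https") or parts.hostname not in ALLOWED_HOSTS:
            return url
        host, path = parts.hostname, parts.path
    elif url.startswith("/"):                          # root-relative URL on the origin host
        host, path = origin_host, parts.path
    else:
        return url
    return urlunsplit(("https", GATEWAY_HOST, PROXY_PREFIX + host + (path or "/"),
                       parts.query, parts.fragment))


ATTR_RE = re.compile(r"""(href|src|action)=(["'])(.*?)\2""", re.IGNORECASE)


def rewrite_html(body, origin_host):
    """Rewrite the href/src/action attributes of a page fetched from origin_host."""
    return ATTR_RE.sub(
        lambda m: m.group(1) + "=" + m.group(2) + rewrite_url(m.group(3), origin_host) + m.group(2),
        body)


# Constructed sample of a page served by intranet.corp
SAMPLE_PAGE = ('<a href="/docs/">Docs</a> <img src="logo.png"> '
               '<a href="http://files.corp/share?x=1">Share</a> '
               '<a href="https://www.example.org/">Vendor</a>')

if __name__ == "__main__":
    print(route({"vpnsession": "s3cr3t-session-id"}, "/proxy/intranet.corp/app/"))
    print(route({}, "/proxy/intranet.corp/app/"))
    print(route({"vpnsession": "s3cr3t-session-id"}, "/proxy/dc01.corp/"))
    print(rewrite_html(SAMPLE_PAGE, "intranet.corp"))
```

The allow-list check on the host segment is the part that matters for security: a gateway that maps `/proxy/<anything>/` straight onto an internal request is an authenticated open proxy into the network, and an unauthenticated one if the session check is ordered after the lookup. A real product also has to rewrite URLs embedded in CSS, JavaScript and redirects, which is why the section describes this "application translation" as a dependency of the approach.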
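The host-checker decision described above can be modelled as a policy evaluated over the posture report an endpoint agent submits, as in this added example (written for this page, not code from any secure-access product). It checks the required security software files, the freshness of anti-virus signatures and one registry value, fails closed on anything the client does not report, and maps the result onto an access tier. The report fields, file paths, registry value and the tier names "full", "web-only" and "deny" are assumptions.

```python
"""Toy host-checker policy: decide what access tier a client gets from the
posture report its endpoint agent sends.  Added illustration; the policy,
the report fields, the file paths and the registry value are assumptions,
not any product's format."""
from dataclasses import dataclass


@dataclass
class Policy:
    required_files: tuple           # files that must exist on the client (AV, personal firewall)
    max_av_signature_age_days: int  # anti-virus signatures older than this are stale
    registry: dict                  # registry value name -> required value


POLICY = Policy(
    required_files=(r"C:\Program Files\ExampleAV\avscan.exe",      # assumed paths
                    r"C:\Program Files\ExampleFW\fwservice.exe"),
    max_av_signature_age_days=3,
    registry={r"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate": 0},
)


def evaluate(report, policy=POLICY):
    """Return (tier, failures).  tier is 'full' (network-extension / port
    forwarding allowed), 'web-only' (clientless access to published web
    applications only) or 'deny'.  Anything the client cannot prove counts
    against it: a missing field is a failure, not a pass."""
    if not report:
        return ("deny", ["no posture report received"])
    failures = []
    present = set(report.get("files", ()))
    for path in policy.required_files:
        if path not in present:
            failures.append("required file missing: " + path)
    age = report.get("av_signature_age_days")
    if (not isinstance(age, int) or isinstance(age, bool)
            or age < 0 or age > policy.max_av_signature_age_days):
        failures.append("anti-virus signatures stale or unknown: %r" % (age,))
    reg = report.get("registry", {})
    for name, want in policy.registry.items():
        got = reg.get(name)
        if got != want:
            failures.append("registry %s is %r, policy requires %r" % (name, got, want))
    if not failures:
        return ("full", [])
    # A client with its security software installed but, say, stale signatures
    # still gets first-generation style web-only access; one with the
    # software missing altogether gets nothing.
    if any(f.startswith("required file missing") for f in failures):
        return ("deny", failures)
    return ("web-only", failures)


# Constructed posture reports as an endpoint agent might submit them
COMPLIANT = {
    "files": list(POLICY.required_files),
    "av_signature_age_days": 1,
    "registry": {r"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate": 0},
}
STALE_AV = dict(COMPLIANT, av_signature_age_days=14)
NO_FIREWALL = dict(COMPLIANT, files=[POLICY.required_files[0]])

if __name__ == "__main__":
    for name, rep in [("compliant", COMPLIANT), ("stale AV", STALE_AV),
                      ("no firewall", NO_FIREWALL), ("empty", {})]:
        print(name, evaluate(rep))
```

The report is self-asserted by the client, so this logic only decides what a cooperating endpoint is allowed to do; it cannot detect an agent that lies. That is why the tiering is conservative and why the unknown case is treated the same as the failing one.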
High return on investment: compared with dedicated SSL VPN appliances, the SSL VPN functionality of a unified threat management (UTM) appliance provides enhanced functionality at a much more reasonable investment.

Limitations

*SSL VPN depends on application translation to interface between a web server and a web browser.
*SSL VPN vendors often speak of network-extension clients, which connect an end user's system to the corporate network with access controls based only on destination IP address and port number. This removes the operating-system independence of the browser-based approach and requires administrative access to every local system to install the client.