Friday, February 1, 2008

SSL-VPN: What is it?

by Mark Lambiase, MultiFactor Corp

SSL VPN is a new twist on an old idea: secure remote access.
For years businesses have leveraged Virtual Private Networks (VPNs) to improve access, increase productivity, and reduce costs.

The first remote-access model was a dial-up connection to the remote network. Once personal computers and portable computers gained widespread use in business, the dial-up connection became familiar to many people. As the Internet grew, along with the content and resources available on it, dial-up access became even more widely used, and new purposes, outside of business applications, became available to computer users. The problem with dial-up access was twofold: cost and speed. Dial-up connections are just that, a direct connection over the telephone, which means that tolls and fees could apply to all of the connections. And speed? Well, I would wager that there are a lot of people using the Internet today who have never lived with dial-up speeds.

With the introduction of consumer broadband, the growth of the Internet has been explosive. Today there is little you cannot do on-line. Entertainment, information and business applications are all on the Internet now, and secure remote access users have a better and more productive experience than ever.

SSL VPN has adapted the idea of VPNs to use common software and network protocols to provide the features and value of a VPN. With SSL VPN you no longer need pre-installed client software and a connection profile to establish a secure remote access connection. All that is required is a web browser.

SSL VPNs today offer features that were not available with the precursor technology, called IPSec. (IP, the Internet Protocol, is the language of the Internet. It defines how computers connect to each other and share information over a network. IPSec is short for IP Security, and provides a framework for protecting the integrity and confidentiality of information that passes over an unsecured network.)

IPSec essentially connects a computer to a secured network. It started gaining widespread use years ago, and like other uses of the Internet, saw explosive growth with the introduction and adoption of broadband technologies.

Not everyone remotely accessing a network needs to become a part of that network, though. As applications become webified, more and more of what we use computers for is available from a web browser. This includes managing account information, sharing data, streaming voice or video, and other purposes. Think of applications like on-line banking, web-based e-mail, and business applications like PeopleSoft and SharePoint. All you really need for these applications is for your web browser to be able to get to them.

This is one of the great security enhancements of SSL VPN: accessing data without exposing the network to remote computers and to the malicious software that may have compromised them. Network connectivity models still exist in SSL VPN, but they are not the only way to access the network.

And, since SSL VPN provides secure remote access in a web-based format, information and access can be organized and presented to people connecting to the network. Information and resources can be organized as links in a portal to guide people into the network.

Then again, this can be a little scary for the security-focused people in an organization. At least with IPSec there is some relative security in the obscurity of the software required to remotely connect to a network. SSL VPN, as part of its benefit of being web-based, exposes secure remote access to almost every computer that is connected to the Internet.

SSL VPN today has enough security features to make it a fast-growing model of secure remote access, and security tools like MultiFactor’s SecureAuth can create a secure remote access solution that exceeds the security of IPSec without compromising the ease of use that is expected from it.

Cisco Systems, Inc., the world leader in providing network infrastructure, released the 8.x version of software for their Adaptable Security Appliance (the Cisco ASA) in June of 2007. This release of software significantly enhances the features and security of Cisco’s SSL VPN solution. In the following posts we will discuss how to configure and secure the Cisco SSL VPN on the ASA, and the security benefits of incorporating SecureAuth for strong authentication.

MultiFactor SecureAuth and the Cisco® SSL VPN

Leveraging the features that Cisco has developed, SecureAuth can provide a simple, secure, strong authentication mechanism to protect access, data and resources. Strong authorization of the user self-service enrollment process protects credential distribution. Integration with existing back-end datastores eliminates the need to manage user accounts in more than one place, easing administration and lowering the overall cost of deploying SSL VPN for secure remote access.

