SSL VPN : Understanding, evaluating and planning secure, web-based remote access

Overview of this book

Virtual Private Networks (VPNs) provide remote workers with secure access to their company network via the Internet by encrypting all data sent between the company network and the user's machine (the client). Before SSL VPN this typically required the client machine to have special software installed, or at least to be specially configured for the purpose. Clientless SSL VPNs avoid the need for client machines to be specially configured: any computer with a web browser can access SSL VPN systems. This has several benefits:

- Low administration costs and no remote configuration
- Users can safely access the company network from any machine, be that a public workstation, a palmtop or a mobile phone
- ISP restrictions on custom VPNs are bypassed by using standard technologies

SSL VPN is usually provided by a hardware appliance that forms part of the company network. These appliances act as gateways, presenting internal services such as file shares, email servers and applications in a web-based format encrypted using SSL. Existing players and new entrants, such as Nokia, Netilla, Symantec, Whale Communications and NetScreen Technologies, are rushing out SSL VPN products to meet growing demand.

This book provides a detailed technical and business introduction to SSL VPN. It explains how SSL VPN devices work, along with their benefits and pitfalls. As well as covering SSL VPN technologies, the book also looks at how to authenticate and educate users, a vital element in ensuring that the security of remote locations is not compromised. The book also looks at strategies for making legacy applications accessible via the SSL VPN.
Table of Contents (14 chapters)
SSL VPN
Credits
About the Authors
Introduction
A Review of TCP, IP, and Ports

The Internet

In order to understand the security issues of the Internet, you first need to understand what the Internet really is. The Internet is not just one network; it includes thousands of individual networks. The communication core of these networks is a pair of protocols known as the Transmission Control Protocol and the Internet Protocol (TCP/IP). These historic protocols provide connectivity between equipment from many vendors over a variety of networking technologies. The Transmission Control Protocol (TCP) is intended for use as a highly reliable host-to-host protocol in a packet-switched computer communication network. The Internet Protocol (IP) is specifically limited in scope to providing the functions necessary to deliver an envelope of data from one computer system to another. Each computer or device on a network has some type of address that identifies where it is on the network.

Much like computers themselves, the Internet is a new concept for the world of communication. In 1973 Vinton Cerf, a UCLA (University of California, Los Angeles) graduate student who is also known as the Father of the Internet, and Robert Kahn, an MIT (Massachusetts Institute of Technology) math professor, developed a set of software protocols to enable different types of computers to exchange data. The software they developed is now known as TCP/IP. The base part of the protocol is called IP, or Internet Protocol. While the IP part of the protocol transports the packets of data between the various computer systems on the Internet, the TCP part delivers that data to the applications, using ports. TCP is the mechanism that allows the WWW (World Wide Web) to communicate. (All of this will be discussed in detail later in this book.) Programs are built on top of this medium, which allows communication between server and client. A network can be connected with cables and/or wireless adapters. Basically, the computer is connected via a Network Interface Card (NIC). The NIC's job is to place data onto the network. All network data is crafted into packets, and each packet carries the information needed to find its target computer and to identify where it came from.
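The division of labour just described, IP addresses saying which host a packet came from and which host it is going to, and TCP ports saying which application on that host should receive it, can be seen directly by pulling a raw packet apart. The following example is added here and is not from the book: it builds a constructed (not captured) IPv4+TCP SYN packet using documentation addresses, then parses it back into its IP-layer and TCP-layer fields, rejecting any packet whose IPv4 header checksum no longer verifies.

```python
import struct
from ipaddress import IPv4Address

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791); over a header whose
    checksum field is already filled in, a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

# Constructed sample (not a real capture): IPv4 header for a packet from
# 192.0.2.10 to 198.51.100.20 (documentation addresses), protocol 6 = TCP.
_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                  IPv4Address("192.0.2.10").packed,
                  IPv4Address("198.51.100.20").packed)
IPV4_HEADER = _ip[:10] + struct.pack("!H", ipv4_checksum(_ip)) + _ip[12:]

# TCP header: client port 51515 -> server port 443 (HTTPS, where an SSL VPN
# gateway listens), SYN flag set, no payload.
TCP_HEADER = struct.pack("!HHIIBBHHH", 51515, 443, 1000, 0, 0x50, 0x02,
                         65535, 0, 0)
PACKET = IPV4_HEADER + TCP_HEADER

def parse_packet(packet: bytes) -> dict:
    """Split a raw IPv4+TCP packet into the IP layer (which host, and where
    it came from) and the TCP layer (which application, via the port)."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, _, total_len, _, _, ttl, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch: corrupted or tampered")
    if proto != 6:
        raise ValueError("not TCP (protocol %d)" % proto)
    tcp = packet[ihl:total_len]
    src_port, dst_port, _, _, offset, flags, _, _, _ = struct.unpack(
        "!HHIIBBHHH", tcp[:20])
    return {
        "src_host": str(IPv4Address(src)), "dst_host": str(IPv4Address(dst)),
        "ttl": ttl, "src_port": src_port, "dst_port": dst_port,
        "syn": bool(flags & 0x02), "payload": tcp[(offset >> 4) * 4:],
    }
```

Flipping a single byte of the destination address makes the header checksum fail, which is why `parse_packet` refuses it rather than routing on an address it cannot trust.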