Book Image

SSL VPN : Understanding, evaluating and planning secure, web-based remote access

Book Image

SSL VPN : Understanding, evaluating and planning secure, web-based remote access

Overview of this book

Virtual Private Networks (VPNs) provide remote workers with secure access to their company network via the internet by encrypting all data sent between the company network and the user?s machine (the client). Before SSL VPN this typically required the client machine to have special software installed, or at least be specially configured for the purpose. Clientless SSL VPNs avoid the need for client machines to be specially configured. Any computer with a Web browser can access SSL VPN systems. This has several benefits: Low admin costs, no remote configuration Users can safely access the company network from any machine, be that a public workstation, a palmtop or mobile phone By pass ISP restrictions on custom VPNs by using standard technologies SSL VPN is usually provided by a hardware appliance that forms part of the company network. These appliances act as gateways, providing internal services such as file shares, email servers, and applications in a web based format encrypted using SSL. Existing players and new entrants, such as Nokia, Netilla, Symantec, Whale Communications, and NetScreen technologies, are rushing our SSL VPN products to meet growing demand. This book provides a detailed technical and business introduction to SSL VPN. It explains how SSL VPN devices work along with their benefits and pitfalls. As well as covering SSL VPN technologies, the book also looks at how to authenticate and educate users ? a vital element in ensuring that the security of remote locations is not compromised. The book also looks at strategies for making legacy applications accessible via the SSL VPN.
Table of Contents (14 chapters)
SSL VPN
Credits
About the Authors
Introduction
A Review of TCP, IP, and Ports

Tunneling to the Other Side


Another option for legacy access is by SSL VPN tunneling. The remote access methods described above meet the access needs of most remote users. Some users, however, may require client/server application access. In this case, a local client is installed on the user's PC and a remote server provides the services. Examples include CRM, e-mail, and custom applications. This can be provided by means of SSL tunneling technology as described in Chapter 3.

Tunneling Techniques

One example of this tunneling is implemented by the SSL VPN device using a built-in screen-scraping protocol that splits the emulation and display processing so that only the application's display is sent to the remote user's web browser.

In another technique, the SSL VPN will enable a small Java applet to download to the user's browser. The user will connect to the SSL VPN via a browser and authenticate. The applet will be initialized, and then the local 'client' can access the targeted server via...