SSL VPN : Understanding, evaluating and planning secure, web-based remote access

SSL VPN : Understanding, evaluating and planning secure, web-based remote access

Overview of this book

Virtual Private Networks (VPNs) provide remote workers with secure access to their company network via the internet by encrypting all data sent between the company network and the user?s machine (the client). Before SSL VPN this typically required the client machine to have special software installed, or at least be specially configured for the purpose. Clientless SSL VPNs avoid the need for client machines to be specially configured. Any computer with a Web browser can access SSL VPN systems. This has several benefits: Low admin costs, no remote configuration Users can safely access the company network from any machine, be that a public workstation, a palmtop or mobile phone By pass ISP restrictions on custom VPNs by using standard technologies SSL VPN is usually provided by a hardware appliance that forms part of the company network. These appliances act as gateways, providing internal services such as file shares, email servers, and applications in a web based format encrypted using SSL. Existing players and new entrants, such as Nokia, Netilla, Symantec, Whale Communications, and NetScreen technologies, are rushing our SSL VPN products to meet growing demand. This book provides a detailed technical and business introduction to SSL VPN. It explains how SSL VPN devices work along with their benefits and pitfalls. As well as covering SSL VPN technologies, the book also looks at how to authenticate and educate users ? a vital element in ensuring that the security of remote locations is not compromised. The book also looks at strategies for making legacy applications accessible via the SSL VPN.

SSL VPN

Credits

About the Authors

Introduction

Free Chapter

Introduction to SSL VPN

The Internet

Reference Models

Introducing Hacker Bob

VPNs

VPN Examples

IPsec Vs. SSL VPN

Trusted Networks

The DMZ

Summary

SSL VPN: The Business Case

SSL VPN: A Historical Background

Remote Access: Measuring Return-on-Investment

So What Does SSL VPN Actually Give Me?

Summary

How SSL VPNs Work

Appliances Vs. Software

The SSL Protocol

Establishing Secure Tunnels Using SSL

Reverse Proxy Technology

SSL Remote Access: Reverse Proxy Technology Plus

SSL VPN Sample Session

Summary

SSL VPN Security

Authentication and Authorization

End Point Security Concerns

Department of Defense (DoD) Requirements

Server-Side Security Issues

Summary

Planning for an SSL VPN

Determining Business Requirements

Selecting an Appropriate SSL VPN

Determining which SSL VPN Functions to Use

Where to Deploy the SSL VPN server

Planning for Deployment

User and Administrator Training

Summary

Educating the User

Building an Education Plan

Summary

Legacy Data Access

Computing Elements

Applications

The Web Challenge

Meeting the Challenge

Tunneling to the Other Side

Other Applications

Summary

The Future of SSL VPN Technology

Standardized Feature Sets

Interfaces

SSL VPN Products for Small, Medium, and Large Organizations

Application-Specific SSL VPNs

Merging with IPSec VPN and Firewall Technology

SSL Access Platforms

Support for More Diverse Computers

Improved Performance and Reliability

Voice-Over-IP

Two "Business Developments"

Summary

A Review of TCP, IP, and Ports

SSL VPN Gateways

Check Point Software Technologies

EnKoo

Nokia

SafeNet

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Reference Models

The process of creating data packets is based on two connection models—the OSI and DARPA reference models. The Open Systems Interconnection (OSI) model is a standard reference model for how network data is transmitted between any two points in a computer network. TCP/IP in its most basic form supports the Defense Advanced Research Projects Agency (DARPA) model of internetworking and its network-defined layers. Much like the DARPA model, the OSI was designed to connect dissimilar computer network systems. The OSI reference model defines seven layers of functions that take place at each end of a network communication:

OSI Reference Model

Layer	Description
Application (7)	This is the layer at which programs are identified; user authentication and privacy are implemented here.
Presentation (6)	This is a layer—usually part of an operating system—that converts incoming and outgoing data from one presentation format to another.
Session (5)	This layer sets up, coordinates, ends conversations, exchanges, and dialogs between the applications at each end of the dialog.
Transport (4)	This layer manages the end-to-end control and error checking.
Network (3)	This layer handles the routing and forwarding of the data.
Data link (2)	This layer provides error control and synchronization for the physical level.
Physical (1)	This layer transmits the bit stream through the network at the electrical and mechanical level.

TCP/IP also has a much simpler protocol model called the DARPA model:

DARPA Model

Layer	Description
Process (4)	This is the layer where higher-level processes such as `FTP, SMTP`, and `HTTP` are defined and executed.
Host to Host (3)	This is where TCP lives. This is the mechanism that actually ports the data to the correct application. TCP ports are defined here.
Internet (2)	IP addresses are used to direct packets to the correct destination. Routing protocols live here along with Address Resolution Protocol (ARP) and Internet Control Message Protocol (ICMP) .
Network Interface (1)	This is the physical connection to the network: Ethernet, token ring, and so on. The packets are placed onto the network at this point.

SSL VPN : Understanding, evaluating and planning secure, web-based remote access

SSL VPN : Understanding, evaluating and planning secure, web-based remote access

Overview of this book

Related Content you might be interested in

Current Title:

SSL VPN : Understanding, evaluating and planning secure, web-based remote access

Reference Models

OSI Reference Model

DARPA Model