VPNs have become a serious part of our lives, and I think they are here for a long time. The technology is used both in organizations, to merge offices into a single subnet or to give mobile users access to internal information, and at home, when accessing the Internet through an ISP.
SSL VPN technology has since appeared. It is now very popular in Western companies, but it has not yet received much attention in the USA. In this article I will try to describe how IPSec VPN differs from SSL VPN and what the benefits of using SSL VPN within an organization are.
IPSec VPN – its advantages and disadvantages
First of all, I would like to draw attention to the definition of a VPN. The most common one is “VPN is a technology that connects trusted networks, sites and users through open networks that are not trusted” (© Check Point Software Technologies). Indeed, between trusted hosts, IPsec VPN is the most economical option. For example, connecting the networks of remote offices into a single corporate network does not require laying or renting dedicated lines; the Internet is used instead. Building secure tunnels between trusted networks forms a single IP space.
For employee remote access, however, IPsec solutions are used only for a limited number of trusted devices, for example corporate users’ laptops. To use IPsec VPN, the IT service must install and configure a VPN client on each trusted device from which remote access is required, and must support the operation of that application. When deploying IPsec solutions, their “hidden” cost of support and maintenance has to be taken into account, since each type of mobile client (laptop, PDA, etc.) and each type of network environment (access via an Internet provider, access from a client company’s network, access through address translation) requires its own IPsec client configuration.
In addition to support, there are several very important problems:
- Not all trusted mobile devices used in the company have VPN clients;
- In the various subnets from which access is made (for example, the corporate network of a partner or a customer), the necessary ports may be closed, and opening them requires additional coordination.
Such problems do not occur when using SSL VPN.
SSL VPN – user experience algorithm
To keep non-technical readers interested in reading further, I will describe the process of using SSL VPN from the point of view of a regular user.
Suppose you are on a business trip, and your company could not provide you with a laptop for the duration of the trip. But you need to:
- Stay in the workflow while you are away from the office;
- Send and receive e-mail;
- Use data from any business systems that operate in your company.
What you have at hand is, at best, a computer on the network of the organization you are visiting, with Internet access only via the http / https protocol, and, at worst, an ordinary Internet cafe in your hotel.
SSL VPN successfully handles all these tasks, and the level of security will be sufficient to work with critical information from the Internet cafe. In practice, you perform the following actions:
- You only need an Internet browser (Internet Explorer, Firefox, etc.);
- In the Internet browser, type the address of the SSL VPN device;
- Next, a Java applet or ActiveX component that prompts you to authenticate is automatically downloaded and launched;
- After authentication, the appropriate security policies are automatically applied:
  - the computer is checked for malicious code (which is blocked if detected);
  - a closed information processing environment is created: all data (including temporary files) transferred from the internal network will be deleted from the computer used for access once the session is completed;
  - additional means of protection and control are also used during the session;
- After the security procedures complete successfully, all the necessary “one-click” links are available to you:
  - Access to file servers, with the ability to transfer files to the server;
  - Access to the company’s web applications (for example, internal portal, Outlook Web Access, etc.);
  - Terminal access (MS, Citrix);
  - Tools for administrators (for example, ssh console);
  - And, of course, the possibility of a full VPN via the https protocol (without the need to pre-install and configure a VPN client); the configuration is transmitted directly from the office, in accordance with the authentication data.
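The gateway-side flow described above (host check, then links published according to the authentication data, then removal of session data) can be modeled as follows. This is an added example, not code from any SSL VPN product; the group names, link names, `open_session` and `Session` are hypothetical.

```python
import shutil
import tempfile
from contextlib import contextmanager
from pathlib import Path

# Constructed policy table: portal links per directory group (hypothetical names).
GROUP_LINKS = {
    "staff": ["file_server", "web_apps"],
    "terminal_users": ["terminal"],
    "admins": ["ssh_console", "full_tunnel"],
}


class SessionDenied(Exception):
    """Raised when the pre-session host check fails."""


class Session:
    def __init__(self, user, links, workspace):
        self.user = user
        self.links = links          # "one-click" links published to this user
        self.workspace = workspace  # only place session data may be written

    def download(self, name, data):
        # Keep every file inside the session workspace; reject path tricks.
        target = (self.workspace / name).resolve()
        if self.workspace not in target.parents:
            raise ValueError("file name escapes the session workspace")
        target.write_bytes(data)
        return target


@contextmanager
def open_session(user, groups, malware_found):
    # Step 1: the host check runs before anything is published.
    if malware_found:
        raise SessionDenied(f"host check failed for {user}")
    # Step 2: published links follow from the authenticated identity.
    links = sorted({l for g in groups for l in GROUP_LINKS.get(g, [])})
    # Step 3: closed environment, removed at session end even after an error.
    workspace = Path(tempfile.mkdtemp(prefix="sslvpn-session-")).resolve()
    try:
        yield Session(user, links, workspace)
    finally:
        # Plain deletion only; this models the cleanup step, not a secure wipe.
        shutil.rmtree(workspace, ignore_errors=True)
```

Because cleanup sits in the `finally` branch, the workspace disappears whether the session ends normally or fails midway, which is the property that matters on a shared kiosk.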
The use of SSL VPN solves several problems:
- Significant simplification of the administration and user support process;
- Organization of secure access to critical information from untrusted sites;
- Use on any mobile device, as well as on any computer (including Internet kiosks) with Internet access, without pre-installing and configuring special software.
SSL VPN – manufacturers and features
Hardware solutions dominate the SSL VPN market. SSL VPN solution providers include all well-known manufacturers of active network equipment: