
Guide to SSL VPN

NetworkWorld

Wednesday, May 14, 2008 12:00 PM PDT

SSL VPNs mean remote access made easy

Primer on how SSL VPN technology works

By Tim Greene

SSL VPNs connect remote computers to networks securely by invoking the SSL protocol, which authenticates machines and encrypts communications.

There is no SSL VPN standard, so individual vendors can implement these VPNs in slightly different ways, but here is a description of how they work in general.

The first step is for the browser on the remote computer to connect with the SSL VPN gateway. That is a device that typically sits inside the corporate firewall and acts as a go-between with servers. The user authenticates to the gateway using any of a variety of methods and is granted access.

As part of the authentication process, the gateway can assess the remote machine to determine whether it is a managed device. If it is managed, the gateway can scan it to determine whether it is compliant with network-security policies. These checks can look for whether the device has a personal firewall properly configured and turned on, or whether it has updated antivirus software that is turned on.

Unmanaged machines may not allow such scans and are classified as having an unknown compliance state.

The gateway also can determine how the device is attempting to connect to the network, whether over the Internet, from the LAN or via a Wi-Fi access point.

The gateway digests all these factors to determine the combined security status of the user, the machine used and the access method. Based on the authentication results, preset policies dictate whether the user gets access and, if so, how much.

For instance, a company employee using a properly configured managed machine connecting over the Internet might gain full network access. That same employee using a borrowed machine and accessing via the Internet might get only e-mail access.

To gain full network access via SSL VPN requires an agent running on the remote device. This is typically a download that is made during the connection process, and it dissolves at the end of the session. Some vendors offer agents that persist, so the next time the same device tries to connect to the VPN, the agent download is unnecessary.

Because SSL is an application-layer technology, policies can be set in a detailed way to restrict the access a remote user gets, application by application.
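The policy decision described above, as an added Python sketch that is not from the original article or from any vendor's product. Only the two employee-over-the-Internet outcomes come from the text; the rule table, level and application names, the deny rule for a failed scan, and the default-deny fallback are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed names for illustration; real gateways use vendor-specific ones.
FULL, EMAIL_ONLY, DENY = "full-network", "email-only", "deny"
ALLOWED_APPS = {FULL: {"*"}, EMAIL_ONLY: {"webmail"}, DENY: set()}

@dataclass(frozen=True)
class Session:
    authenticated: bool
    role: str                     # e.g. "employee"
    managed: bool                 # is this a managed device?
    scan_passed: Optional[bool]   # None when the device could not be scanned
    path: str                     # "internet", "lan" or "wifi"

def compliance_state(s: Session) -> str:
    # Unmanaged or unscannable machines get an unknown compliance state.
    if not s.managed or s.scan_passed is None:
        return "unknown"
    return "compliant" if s.scan_passed else "noncompliant"

# Ordered rules, first match wins: (role, compliance, path, level); "*" is a wildcard.
RULES = [
    ("employee", "compliant", "internet", FULL),        # from the article
    ("employee", "unknown",   "internet", EMAIL_ONLY),  # from the article
    ("*",        "noncompliant", "*",     DENY),        # assumption
]

def decide(s: Session) -> str:
    # Authentication gates everything else.
    if not s.authenticated:
        return DENY
    facts = (s.role, compliance_state(s), s.path)
    for *pattern, level in RULES:
        if all(p in ("*", f) for p, f in zip(pattern, facts)):
            return level
    return DENY  # assumption: anything no rule covers is denied

def may_use(s: Session, app: str) -> bool:
    # Application-by-application restriction derived from the access level.
    apps = ALLOWED_APPS[decide(s)]
    return "*" in apps or app in apps

if __name__ == "__main__":
    borrowed = Session(True, "employee", False, None, "internet")
    print(decide(borrowed), may_use(borrowed, "webmail"), may_use(borrowed, "file-share"))
```
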

SSL VPNs use Port 443, which most corporate firewalls typically leave open. This makes it possible to use SSL VPNs without making policy changes to the firewalls.
