The Need for Secure Remote Access

Telecommuters, regional salespeople, satellite and branch offices, and business partners are just a few groups who may need remote access to a corporation’s resources. Each group needs access, but the requirements are very different.

IPSec VPN:

  • Dedicated, always-on connection
  • Standards based
  • Complex to implement [needs client software]
  • Performance constraints
  • Access problems [requires UDP ports to be open]
  • No detailed logging

SSL VPN:

  • Simple to deploy
  • High performance
  • Uses well-known technologies
  • Event Log, User Access Log and Admin Access Log
  • Not an always-on connection

How SSL VPNs Work

The communications tunnel allows two computers to communicate securely over public networks, so that other computers on those networks cannot access the communications between the two machines.

Tunneling involves encrypting all communications between the two computers so that even if another computer were to receive the communications, it would not be able to decipher the contents of the actual message between the machines.

SSL VPNs create secure tunnels by performing two functions:

  • Requiring authentication from users before allowing access so that only authorized parties can establish tunnels
  • Encrypting all data transmitted to and from the user by implementing the actual tunnel using SSL

The process of establishing an SSL tunnel requires the exchange of various items of configuration information between the computers on either end of the connection. The technical details related to communication and encryption protocols, key exchange.

Historically, VPN tunneling was typically performed at the Network Layer or lower. SSL VPNs work differently. They establish connectivity using SSL, which functions at Layers 4-5 of the OSI model. They also encapsulate information at Layers 6-7 and communicate at the highest levels in the OSI model.