The Need for Secure Remote Access
Telecommuters, regional salespeople, satellite and branch offices, and business partners are just a few groups who may need remote access to a corporation’s resources. Each group needs access, but the requirements are very different.
IPSec VPN:
- Dedicated, always-on connection
- Standards based
- Complex to implement [needs client software]
- Performance constraints
- Access problems [requires UDP ports to be open]
- No detailed logging
SSL VPN:
- Simple to deploy
- High Performance
- Uses well-known technologies
- Event Log, User Access log and Admin Access Log
- Not an always-on connection
How SSL VPNs Work
A communications tunnel lets two computers communicate securely over public networks, so that other computers on those networks cannot access the traffic between the two machines.
Tunneling involves encrypting all communications between the two computers so that even if another computer were to receive the communications, it would not be able to decipher the contents of the actual message between the machines.
SSL VPNs create secure tunnels by performing two functions:
- Requiring authentication from users before allowing access so that only authorized parties can establish tunnels
- Encrypting all data transmitted to and from the user by implementing the actual tunnel using SSL
The process of establishing an SSL tunnel requires the exchange of configuration information between the computers on either end of the connection. The technical details related to communication and encryption protocols, key exchange.
Historically, VPN tunneling was typically performed at the Network Layer or lower. SSL VPNs work differently. They establish connectivity using SSL, which functions at Layers 4-5. They also encapsulate information at Layers 6-7 and communicate at the highest layers of the OSI model.