- Mythbuster busts his own tale
- 10 open source companies to watch
- Sony recalls 73,000 Vaio laptops
- Tool to evade China's Web censorship
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
"Clientless VPN" technology is catching on as the term that describes products that serve as an alternative to traditional IP Security-based VPNs.
These products come into play when an IPSec-based VPN has too much overhead, has too many proprietary extensions, is too expensive or is too limiting to solve the problem at hand. Case in point: An extranet-type VPN, with hundreds or thousands of companies participating, would be almost impossible to manage using off-the-shelf IPSec technology.
Several vendors, including Aventail, Neoteris, Netilla, SafeWeb and TrueDisk, have introduced Secure Sockets Layer (SSL)-based VPN security gateways, while Check Point Software and Nortel have added SSL-based VPN service to their overall VPN products.
The key to SSL-based VPNs is a client application available on everyone's computer: the Web browser. An end user launches a Web browser and then connects, using HTTP-over-SSL, to the SSL security gateway. After the SSL gateway authenticates the user, it proxies the connection - typically using HTTP - to a Web server inside.
One common application example is Web-based e-mail, such as Outlook Web Access (OWA), the Web front end to Microsoft's popular Exchange mail system. By dropping an SSL-based VPN server in front of an OWA Web server, a network manager can add encryption, authentication and control without putting the additional load of SSL encryption directly on the OWA server.
In this context, SSL-based VPNs not only encrypt the traffic passing over the Internet, but also keep the unwashed masses from having direct contact with an Internet Information Server.
Some vendors have taken the idea of SSL-based VPNs even further by including protocol translators in their products. These gateway between the client-side HTTP-over-SSL and different protocols on the inside. This lets you browse your file system over the SSL VPN, for example.
The security model used in SSL-based VPNs is weaker than the one used in IPSec. There are more opportunities for outside attack, the cryptographic model is not as robust, and the authentication is not as strong.
Additionally, there are many applications that don't work over SSL-based VPNs. But for many applications, an SSL-based VPN can provide sufficient security with almost none of the headaches of a full IPSec-based remote access product.
Rss FeedRss Feed
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment