SSL VPN vs. IPSec VPN
|
|
- Brianne Annabella Lloyd
- 8 years ago
- Views:
Transcription
1 SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA (408) SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc.
2 SSL VPN vs. IPSec VPN White Paper Introduction Virtual Private Networks or VPNs allow corporate enterprises to extend access to their internal networks to external employees and partners over standard Internet public networks. The primary reason VPNs came to be was the immense expense lease line solutions incurred. An enterprise had to have a physically closed network connection between its partners and remote employees, either through dial-up RAS (Remote Access Server) solutions into the enterprise network, or lease fractional T1 type connections between remote offices and partners. What is a VPN really? VPNs are the enabling technology, which allows for clients (employees) and partners to use standard public Internet ISPs and high-speed lines to access closed private networks. A common misconception is that VPNs are always IPSec protocol solutions. In fact, there are many encryption and security protocols, which offer the functionality of a VPN. SSL is one such protocol. What is an encryption or security protocol? Encryption and security protocols are transmission protocols, which are used to transmit high value data securely. Encryption, which is at the core of any security protocol, gives you three fundamental advantages over clear-text or unencrypted data: Data privacy - or the ability to hide the data which is being transmitted Data authenticity and integrity - because of the math involved in encryption, security protocols have the ability to ensure data has not been modified or damaged in transit Non-repudiation - another feature of the math contained in encryption is the ability to prove an act occurred What is IPSec? IPSec or Internet Protocol Security, the security protocol most commonly associated with a VPN is an encryption protocol, which provides for secure encrypted data transmission at the Network Layer across a public network such as the Internet. Two parties who wish to create an IPSec tunnel must first negotiate on a standard way to communicate. Since IPSec supports several modes of operation, both sides must first decide on the security policy and mode to use, which encryption algorithms they wish to communicate with and what type of authenticate method to use. In IPSec, all protocols, which sit upon the network layer, are encrypted (once an IPSec tunnel is created) between the two communicating parties. TCP, UDP, SNMP, HTTP, POP, AIM, KaZaa etc, are all encrypted regardless of their built in (or lack of built in) security and encryption. IPSec issues and complaints Because IPSec sits at the network layer not only is all your network traffic encrypted, but also the user gains access to all company resources as if they were physically resident in the office connected to that LAN. You may or may not want partners or temporary remote employees to be part of your network. Your network may only need to have a small portion of its traffic secure. You may not want to encrypt everything from the remote client to the corporate network. 2 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc.
3 Issue 1: Client software IPSec requires special-purpose client software, which in most cases replaces or augments the client systems TCP/IP stack. In many systems this introduces the risk of compatibility issues with other system software as well as the security risk of Trojan Horses being loaded especially if the client software is downloaded through the Web and not installed by an IT person. Due to the way IPSec was created and the lack of conformance to the standard, nearly all IPSec implementations are proprietary and not compatible with each other. In some cases IPSec runs on a network hardware appliance. With these types of solutions most often both communicating sides have to have the same hardware. The same compatibility issues with the client software apply to the IPSec enabled hardware. IPSec clients are bound to a specific laptop or desktop system. This limits the mobility of the users, as they cannot connect to the VPN without an IPSec client first being loaded on the client system they use to access the network. No roaming access from airport lounges here Issue 2: IT support IPSec solutions require immense amounts of IT support for both implementation and long term maintenance. Large corporations often have several helpdesk personnel devoted to supporting their employees who work remotely via IPSec. Issue 3: Platform limitations IPSec clients typically only run on Windows machines. There are very few implementations of IPSec for any other PC platform (Mac, Linux, Solaris etc.) What is SSL (SSL proxy) and how is it different? SSL or Secure Sockets Layer is an application layer protocol used most often to secure web-based communications over the Internet. SSL uses encryption and authentication much like IPSec. However SSL only encrypts the traffic between two applications that wish to speak to each other. SSL does not encrypt all the traffic from one host to another. For most client applications, encrypting all the traffic from one system to another is not required, and a solution that just encrypts the application data is more appropriate. Within SSL, each application is secured individually, unlike IPSec, which operates independent of the application. An application must be SSL aware to be able to speak SSL. Common applications, which are SSL aware today, are Web browsers such as Internet Explorer and Netscape, applications such as Outlook and Eudora include a feature called ESMTP or SMTP over SSL. Why use an SSL proxy? There are many reasons to use a SSL proxy instead of communicating directly from a client to a SSL enabled resource. The most evident reason is performance. Reason 1: Increased performance SSL itself is a very fast protocol, however like any encryption protocol there are special CPU intense math computations that need to take place before a secure session is established. One such example is the RSA algorithm. The RSA algorithm is used within SSL to negotiate keys between a client and a server. As part of this key negotiation, the server must decrypt and verify a digital signature - both are 3 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc.
4 computationally intense operations. Most modern Web servers, for example, can only accept about 75 new SSL connections per second, and for each new connection this RSA decrypt and verify operation must be performed. If the system were to take any more than 75 connections per second, the CPU utilization would reach far beyond what is acceptable and the server would stop responding to network requests. To increase the server s capacity, SSL proxies may include what is called a SSL accelerator. A SSL accelerator is much like a math co-processor in the 486SX/DX PC days. The SSL accelerator performs the computationally intense operations formally performed by the servers CPU and offloads those operations to a purpose built processor. The server, which was only able to perform 75 RSA sessions/second, can now handle well over 800 sessions/second. You may wonder why would you need an SSL proxy if your server has an SSL accelerator. The questions to ask are: How many servers do you have which may need this SSL acceleration? Do you have the resources to purchase SSL accelerators for each of those servers? The advantage of an SSL proxy is that you can utilize the SSL accelerator once for many servers. In the Array SP (Security Proxy) from Array Networks, for example, you may open 800 SSL connections per second to the clients accessing your resource, while maintaining an SSL connection from the proxy to the back end server as well. Note the Array SP is able to open a reduced number of SSL connections to the back end while serving up to 800 sessions/second on the front of the Array SP. The advantage of this is your Web server is never overloaded with SSL connection requests. Reason 2: Authentication Another issue with the traditional SSL protocol is its lack of built-in authentication methods. SSL includes cryptographic authentication for both the server and the client. However, all of that security is based on one premise: The client s cryptographic private-key was kept secure. If the key has been compromised or left unattended, you may no longer be able to trust the client. It may be necessary to add additional authentication methods on top of SSL to ensure the user or client is who they say they are. A SSL proxy, however, will strongly authenticate the clients before they ever connect to the back end resource. SSL proxies will enforce much stronger authentication methods than a back end resource could ever support natively. Many Web servers today do not natively support authentication methods other than SSL. Why use an SSL proxy over an IPSec VPN? No client-side software or hardware requirements A key advantage to an SSL proxy is that no client software needs to be loaded and distributed through your client base. SSL proxies can use standard Web browsers and clients, which are already enabled to use SSL. Easy-to-use, easy-to-support Web interface Web browsers and SSL enabled clients exist in many form factors today including Windows, Macintosh, Linux/UNIX, PDAs and even cell phones all can communicate securely via SSL. People are already familiar with how to use these tools so end-user training is greatly reduced. End-to-End vs. End-to-Edge Security One of the major disadvantages of IPSec is that it only creates a secure tunnel between a client and an edge VPN Server. When the client requests access to a resource he is treated as if he was a member of 4 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc.
5 that same network as the resource resides. The only secure connection is the one between the client and the edge of the corporate network, however all the data running over the internal network is in the clear, including any passwords and sensitive data that are sent. With SSL a secure tunnel is established directly from the client to the resource the client is accessing. True end-to-end security. No data is sent in the clear neither on the internal network nor on the Internet. Everything from the client to the resource is securely authenticated and encrypted. 90% of traffic is Web and based Approximately 90% of all corporate Intranet and Extranet traffic is standard Web and -based traffic. The other 10% is comprised of other protocols such as X11, chat protocols and other proprietary fat client applications that are not web-enabled. For those networks that have primarily Web and traffic, a VPN solution based on IPSec may not be the best choice. The complexity and instability of IPSec client software, in addition to the mobility issues of your clients, put into question the usefulness of a VPN based on IPSec. SSL provides for a much more mobile and simple solution to administer. 5 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc.
6 Which technology is right for me? IPSec Should be used to secure those protocols which are not SSL enabled SSL Should be used for all Web and SSL enabled traffic. Authentication Encryption Overall Security Accessibility Cost SSL-based VPN One way authentication tokens Two way authentication tokens Digital certificates Strong Encryption Browser based End to End security Client to Resource encrypted Anywhere anytime access to broadly distributed user base Low No additional client software needed IPSec-based VPN Two way authentication using tokens Digital certificates Strong Encryption Depends on implementation Edge to client Client to VPN gateway only encrypted Access limited to well-defined and controlled user base High Managed client software required Installation Plug and play installation No additional client-side software or hardware installation Simplicity for user Very user friendly - uses familiar Web browsers Applications Supported No end user training required Web-enabled applications File sharing Often long deployments Requires client-side software or hardware Challenging for non-technical users Requires training All IP-based services Users Customers, Partners employees, remote More suited for internal company use users, vendors etc. Scalability Easily deployed and scalable Scalable on server side Difficult to scale clients Summary This white paper examines the major differences between IPSec based VPNs and SSL based VPNs. The advantages and disadvantages of each were explored. What you find is that for most intranet and extranet traffic, a VPN based on IPSec might not be the best solution after all. Considering the push to web-enable legacy corporate data, the need for a VPN based on IPSec is put into question. The requirement of a fat, unreliable client on every desktop just to access your corporate e- mail and intranet Web site, is perhaps not the best approach to corporate security or IT policy. 6 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc.
IPSec vs. SSL: Why Choose?
Remote VPN Access from Anywhere An OpenReach Backgrounder Comparing VPN Technologies 660 Main Street Woburn, MA 01801 888.783.0383 www.openreach.com Copyright 2002,, which is solely responsible for its
More informationEnterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere
Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere White Paper 7KH#&KDOOHQJH Virtual Private Networks (VPNs) provides a powerful means of protecting the privacy and integrity
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationTechnical papers Virtual private networks
Technical papers Virtual private networks This document has now been archived Virtual private networks Contents Introduction What is a VPN? What does the term virtual private network really mean? What
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationVirtual Private Networks: IPSec vs. SSL
Virtual Private Networks: IPSec vs. SSL IPSec SSL Michael Daye Jr. Instructor: Dr. Lunsford ICTN 4040-001 April 16 th 2007 Virtual Private Networks: IPSec vs. SSL In today s society organizations and companies
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationRemote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6
Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6 Ahmed A. Joha, Fathi Ben Shatwan, Majdi Ashibani The Higher Institute of Industry Misurata, Libya goha_99@yahoo.com
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationRemote-Access VPNs: Business Productivity, Deployment, and Security Considerations
Remote-Access VPNs: Business Productivity, Deployment, and Security Considerations Choosing Remote-Access VPN Technologies, Securing the VPN Deployment Defining Remote-Access VPNs Remote-access VPNs allow
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationOther VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer
Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)
More informationVirtual Private Networks Solutions for Secure Remote Access. White Paper
Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information
More informationProfessional Integrated SSL-VPN Appliance for Small and Medium-sized businesses
Professional Integrated Appliance for Small and Medium-sized businesses Benefits Clientless Secure Remote Access Seamless Integration behind the Existing Firewall Infrastructure UTM Security Integration
More informationSecure remote access to your applications and data. Secure Application Access
Secure Application Access Secure remote access to your applications and data Accops HySecure is an application access gateway that enables secure access to corporate applications, desktops and network
More informationUsing Entrust certificates with VPN
Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark
More informationFEATURE. THE RISE OF SSL VPNS by Ian Kilpatrick, chairman Wick Hill Group. Summary of feature. 1300 words. * Recent growth of SSL VPNs
FEATURE THE RISE OF SSL VPNS by Ian Kilpatrick, chairman Wick Hill Group 1300 words Summary of feature * Recent growth of SSL VPNs * Aim of VPN technology - controlled, secure and managed access to any
More informationIPSec or SSL VPN? Copyright 2004 Juniper Networks, Inc. www.juniper.net 1
IPSec or SSL VPN? Copyright 2004 Juniper Networks, Inc. www.juniper.net 1 Copyright 2004 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 2 The Traditional Extended Enterprise Fixed
More informationTel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com. CAIL Security Facility
Tel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com CAIL Security Facility Table of Contents A. Overview B. CAIL Security Solutions C. Summary
More informationTechnical White Paper BlackBerry Enterprise Server
Technical White Paper BlackBerry Enterprise Server BlackBerry Enterprise Edition for Microsoft Exchange For GPRS Networks Research In Motion 1999-2001, Research In Motion Limited. All Rights Reserved Table
More informationWhite Paper. The risks of authenticating with digital certificates exposed
White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric
More informationTi m b u k t up ro. Timbuktu Pro Enterprise Security White Paper. Contents. A secure approach to deployment of remote control technology
The #1 Remote Control and File Transfer Software Contents 1 Introduction 1 Application Level Security 2 Network Level Security 2 Usage Examples 4 Summary 4 Appendix A Setting Up a Firewall for Timbuktu
More informationWEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations
More informationSECURE ACCESS TO THE VIRTUAL DATA CENTER
SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need
More informationE-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
More informationEndpoint Security VPN for Mac
Security VPN for Mac E75 Release Notes 8 April 2012 Classification: [Protected] 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More informationCitrix MetaFrame XP Security Standards and Deployment Scenarios
Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationWindows in a Browser Secure Remote Access with HOB RD VPN
Windows in a Browser Secure Remote Access with HOB RD VPN by Patrick Oliver Graf HOB March 2006/ Rev. 3 February 2010 1 of 5 Introduction This white paper describes the possibilities of Secure Remote Access
More informationIP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract
Abstract Virtual Private Networks (VPNs) are today becoming the most universal method for remote access. They enable Service Provider to take advantage of the power of the Internet by providing a private
More informationBirdstep Intelligent Mobile IP Client v2.0, Universal Edition. Seamless secure mobility across all networks. Copyright 2002 Birdstep Technology ASA
White Paper Birdstep Intelligent Mobile IP Client v2.0, Universal Edition Seamless secure mobility across all networks Copyright 2002 Birdstep Technology ASA Haakon VII's gate 5B, N-0161 Oslo, Norway Tel:
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationBarracuda SSL VPN Administrator s Guide
Barracuda SSL VPN Administrator s Guide Version 1.5.x Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2009, Barracuda Networks,
More informationCitrix Access Gateway
F E A T U R E S O V E R V I E W Citrix Access Gateway Citrix Access Gateway is a universal SSL VPN appliance that combines the best features of IPSec and typical SSL VPNs without the costly and cumbersome
More informationWhite Paper: Managing Security on Mobile Phones
White Paper: Managing Security on Mobile Phones April 2006 Managing Security on Mobile Phones April 2006 Table of Contents Abstract...2 Executive Summary...2 The Importance Of Managing Security On Mobile
More informationPermeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions
Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an
More informationMAC Web Based VPN Connectivity Details and Instructions
MAC Web Based VPN Connectivity Details and Instructions UMDNJ s Web-based VPN utilizes an SSL Based Cisco Application that provides VPN functionality without having to install a full client for end users
More informationLicenses are not interchangeable between the ISRs and NGX Series ISRs.
Q&A Cisco IOS SSL VPN Q. What is Cisco IOS SSL VPN or SSL VPN? A. Secure Sockets Layer (SSL)-based VPN is an emerging technology that provides remote-access connectivity from almost any Internet-enabled
More informationSecure Virtual Assist/ Access/Meeting
Secure Virtual Assist/ Access/Meeting Easy-to-use tools for secure remote support, PC control and collaboration Technical support by phone, email, chat and pre-installed remote support clients can be cumbersome,
More information10 Secure Electronic Transactions: Overview, Capabilities, and Current Status
10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary
More informationA Web Broker Architecture for Remote Access A simple and cost-effective way to remotely maintain and service industrial machinery worldwide
p 1/6 White Paper A Web Broker Architecture for Remote Access A simple and cost-effective way to remotely maintain and service industrial machinery worldwide Francis Vander Ghinst Head of Sales & Marketing
More informationNovell Access Manager SSL Virtual Private Network
White Paper www.novell.com Novell Access Manager SSL Virtual Private Network Access Control Policy Enforcement Compliance Assurance 2 Contents Novell SSL VPN... 4 Product Overview... 4 Identity Server...
More informationSteelcape Product Overview and Functional Description
Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationTable of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2
Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server
More informationWhy Switch from IPSec to SSL VPN. And Four Steps to Ease Transition
Why Switch from IPSec to SSL VPN And Four Steps to Ease Transition Table of Contents The case for IPSec VPNs 1 The case for SSL VPNs 2 What s driving the move to SSL VPNs? 3 IPSec VPN management concerns
More informationVPN SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
VPN SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the
More information2003, Rainbow Technologies, Inc.
Expertise Corporate 25 Years of Security SMB to Fortune 30 Access Control 28 Million Hardware Keys 50% Token market share 6 Years of ikey Web Security 10 Years of SSL Secure > 50% of the Data NetSwift
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationHughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R
HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R HughesNet Managed Broadband Network Services include a high level of end-toend security utilizing a robust architecture designed by
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationPrivyLink Internet Application Security Environment *
WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.
More informationBarracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK
Barracuda Networks Technical Documentation Barracuda SSL VPN Administrator s Guide Version 2.x RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks, Inc. www.barracuda.com v20-110511w-02-110915jc
More informationExpertcity GoToMyPC and GraphOn GO-Global XP Enterprise Edition
Remote Access Technologies: A Comparison of Expertcity GoToMyPC and GraphOn GO-Global XP Enterprise Edition Contents: Executive Summary...1 Remote Access Overview...2 Intended Application... 2 Revolutionary
More informationHow to Optimize MS Outlook Exchange Traffic Over SSL
How to Optimize MS Outlook Exchange Traffic Over SSL All Silver Peak appliances are equipped with patented Network Memory TM technology for WAN deduplication. Network Memory inspects all inbound and outbound
More informationWindows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation
Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication
More informationSSL VPN Technology White Paper
SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and
More informationStudy on Remote Access for Library Based on SSL VPN
, pp.111-122 http://dx.doi.org/10.14257/ijca.2016.9.1.11 Study on Remote Access for Library Based on SSL VPN Mei Zhang Library, Linyi University, Shandong, 276000, China zhangmei7596@163.com Abstract With
More informationereview Security Overview Security Overview
Security Overview 1 This description is for information purpose only. Web4, a division of netguru, Inc., reserves the right to alter this description or to adapt it to technical conditions at any time.
More informationChapter 5. Data Communication And Internet Technology
Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN
More informationRemote Access VPN Solutions
Remote Access VPN Solutions P/N 500187 June 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 3 Remote Access VPN Defined Page 3 Business Case Page 4 Key Requirements Page
More informationRSA Solution Brief. RSA & Juniper Networks Securing Remote Access with SSL VPNs and Strong Authentication. RSA Solution Brief
RSA & Juniper Networks Securing Remote Access with SSL VPNs and Strong Authentication The need to ensure that only authorized users are granted access is mission critical. Businesses increasingly need
More informationCCNA Security 1.1 Instructional Resource
CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where
More informationLoad Balancing for Microsoft Office Communication Server 2007 Release 2
Load Balancing for Microsoft Office Communication Server 2007 Release 2 A Dell and F5 Networks Technical White Paper End-to-End Solutions Team Dell Product Group Enterprise Dell/F5 Partner Team F5 Networks
More informationBridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability
Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Overview... 3 Installing Bridgit Software... 4 Installing Bridgit Software Services... 4 Creating a Server Cluster... 4 Using
More informationMOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES
MOBILITY & INTERCONNECTIVITY Features SECURITY OF INFORMATION TECHNOLOGIES Frequent changes to the structure of enterprise workforces mean that many are moving away from the traditional model of a single
More informationAventail White Paper. Comparing Secure Remote Access Options: IPSec VPNs vs. SSL VPNs
Comparing Secure Remote Access Options: IPSec VPNs vs. SSL VPNs Introduction Connecting remote users to corporate resources securely is not a new problem for IT. But today s end users with changing work
More informationProtecting Microsoft Internet Information Services Web Servers with ISA Server 2004
Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 White Paper Published: June 2004 For the latest information, please see http://www.microsoft.com/isaserver/ Contents
More informationSSL VPN Technical Primer
4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@netgear.com www.netgear.com SSL VPN Technical Primer Q U I C K G U I D E Today, small- and mid-sized businesses
More informationCS 4803 Computer and Network Security
Network layers CS 4803 Computer and Network Security Application Transport Network Lower level Alexandra (Sasha) Boldyreva IPsec 1 2 Roughly Application layer: the communicating processes themselves and
More informationDigital certificates and SSL
Digital certificates and SSL 20 out of 33 rated this helpful Applies to: Exchange Server 2013 Topic Last Modified: 2013-08-26 Secure Sockets Layer (SSL) is a method for securing communications between
More informationNetwork Configuration Settings
Network Configuration Settings Many small businesses already have an existing firewall device for their local network when they purchase Microsoft Windows Small Business Server 2003. Often, these devices
More informationStrong Authentication for Secure VPN Access
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
More informationI d like our employees to be able to access all the files in our network that are important to them anywhere and anytime. Simply and securely.
VPN Distances? Companies network themselves with their branches, set up decentralized offices, encourage teleworking or integrate mobile employees and external service providers into their networks. The
More informationUnderstanding VPN Technology Choices
Understanding VPN Technology Choices Presented by: Rob Pantazelos, Network Administrator Brown Rudnick, LLP The most current version of this presentation can be downloaded at: http://www.brownrudnick.com/nr/ilta2008_vpn.ppt
More informationGet Success in Passing Your Certification Exam at first attempt!
Get Success in Passing Your Certification Exam at first attempt! Exam : 920-440 Title : nncde wireless lan Version : DEMO 1. A customer wants to access the Microsoft Outlook Web Access application through
More informationWHITEPAPER IPSEC VPN Vs. SSL VPN
WHITEPAPER IPSEC VPN Vs. SSL VPN Introduction Whether a result of tele-working initiatives, contingencies for events such as 9/11, SARS, and the East Coast Blackout, or just addressing the need to balance
More informationOvercoming the Performance Limitations of Conventional SSL VPN April 26, 2006
Overcoming the Performance Limitations of Conventional SSL VPN April 26, 2006 NeoAccel, Inc. 2055 Gateway Place, Suite 240 San Jose, CA 95110 Tel: +1 (408) 274 8000 Fax: +1 (408) 274 8044 Web: www.neoaccel.com
More informationSecurity Overview Introduction Application Firewall Compatibility
Security Overview Introduction ShowMyPC provides real-time communication services to organizations and a large number of corporations. These corporations use ShowMyPC services for diverse purposes ranging
More informationERserver. iseries. Secure Sockets Layer (SSL)
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationz/os Firewall Technology Overview
z/os Firewall Technology Overview Mary Sweat E - Mail: sweatm@us.ibm.com Washington System Center OS/390 Firewall/VPN 1 Firewall Technologies Tools Included with the OS/390 Security Server Configuration
More informationSecuring an IP SAN. Application Brief
Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.
More informationSharePlus Enterprise: Security White Paper
INFRAGISTICS, INC. SharePlus Enterprise: Security White Paper Security Overview Anand Raja, Gustavo Degeronimi 6/29/2012 SharePlus ensures Enterprise data security by implementing and interoperating with
More informationSSL Acceleration: A Technology Primer
SSL Acceleration: A Technology Primer Overview Secure transactions are a necessity with e-commerce and sensitive corporate intranets and extranets. The Secure Sockets Layer (SSL) protocol is the widely
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationWebEx Security Overview Security Documentation
WebEx Security Overview Security Documentation 8/1/2003: WebEx Communications Inc. WebEx Security Overview WebEx Security Overview Introduction WebEx Communications, Inc. provides real-time communication
More informationMobile Access Software Blade
Mobile Access Software Blade Dimension Data BYOD event Jeroen De Corel SE BeLux 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd.
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationGuideline for setting up a functional VPN
Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the
More informationVirtual Private Networks Secured Connectivity for the Distributed Organization
Virtual Private Networks Secured Connectivity for the Distributed Organization FORTINET VIRTUAL PRIVATE NETWORKS PAGE 2 Introduction A Virtual Private Network (VPN) allows organizations to securely connect
More informationIMPLEMENTING AND SUPPORTING EXTRANETS
87-10-18 DATA SECURITY MANAGEMENT IMPLEMENTING AND SUPPORTING EXTRANETS Phillip Q. Maier INSIDE Extranet Architectures; Router-Based Extranet Architecture; Application Gateway Firewalls; Scalability; Multi-homed
More informationProof of Concept Guide
Proof of Concept Guide Version 4.0 Published: OCT-2013 Updated: 2005-2013 Propalms Ltd. All rights reserved. The information contained in this document represents the current view of Propalms Ltd. on the
More informationEntrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.
Entrust Managed Services PKI Getting an end-user Entrust certificate using Entrust Authority Administration Services Document issue: 2.0 Date of issue: June 2009 Revision information Table 1: Revisions
More informationQuickSpecs. Models. Features and benefits Application highlights. HP 7500 SSL VPN Module with 500-user License
Overview Models JD253A Key features High performance hardware encryption Thin client and browser based access Multiple access authentication methods Remote security status checking Low Running Cost Product
More information