IPSec or SSL VPN? Copyright 2004 Juniper Networks, Inc. www.juniper.net 1


Copyright 2004 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net

The Traditional Extended Enterprise

[Diagram labels: Fixed Telecommuters, Customers, Mobile Workers, Leased Lines, Branch Offices, Business Partners, Day Extenders, Data Center]

Connectivity Requirements

Must support business productivity for all audiences, while cost-effectively securing communications:

- Secure
- Affordable
- Raise Productivity
- High Performance & Availability

The Enterprise Connectivity Solution

Use the Internet to replace leased lines.

[Diagram labels: Fixed Telecommuters, Customers, Mobile Workers, Branch Offices, Internet, Business Partners, Data Center, Day Extenders]

IPSec and SSL VPNs

[Diagram labels: Customers, Mobile Workers, SSL VPN, Day Extenders, Sales, HR, Finance, Internet, Business Partners, Fixed Telecommuters, Department Servers, DMZ, IPSEC, Data Center, Branch Offices]

Customer Challenges: Access vs. Security

Maximize Productivity
- Extend application to partner (Partner Extranet)
- Increase employee efficiency (Intranet portals, ERP)
- Support different users (customized, controlled)
- Enable provisional worker (Contractor, offshoring)

Enforce Strict Security
- Restrict access to appropriate level
- Mitigate risks from untrusted sources (i.e. kiosks, non-employees)
- Consistently apply security policy

Must Balance against Costs
- Capital Expense
- Ongoing admin and support

Evolution of Secure Access Technologies

[Timeline figure, axis: Time. Labels: Secure, Point-to-Point Communications; Dial Networks; Leverage Low-Cost Internet Transport; Virtual Private Networks; Custom Extranets; Client & LAN Transparency, Superior Security; Broadened Application Access; Increased Security & Client Transparency; SSL VPNs]

IPSec VPN vs SSL VPN

[Diagram labels: Internet Kiosk, Branch Office, Mobile Users, Remote Office, HQ, Telecommuters, Business Partners, Customers, Contractors]

IPSec VPN
- Application Type: Remote, Branch Office; Site to site
- Type of Connection: Fixed
- Remote Network Security: Managed, Trusted

SSL VPN
- Application Type: Mobile User; Partner Extranet; Customer Extranet; Contractor, offshore employee; Telecommuter/day extender
- Type of Connection: Mobile or Fixed
- Remote Network Security: Managed or Unmanaged, Trusted or Untrusted

SSL VPN Value Proposition

Proof Points:
- Clientless Deployment: Minimal Cap Ex, Deployment, Configuration or Support Overhead; Requires No Changes to LAN/Server Resource
- Application-Layer Security: Controls access to only the application resource, not to native network
- User Flexibility/Enterprise Productivity: Delivers secure access to users from just a Web browser

[Diagram labels: LAN Resources, External Users]

The Secure Access Landscape

[Diagram labels: Mobile employees/consultants, Remote/Branch Office, Fixed telecommuters, HQ, Business Partners, Customers]

Fixed/Site-to-Site
Connectivity Requirements:
- Bridge fixed, trusted networks
- Managed devices
- Transparent access to remote LAN
- Full access to network resources
- Network-layer mgmt & administration
Options:
- Internet VPNs (IPSec)
- Network VPNs (MPLS)

Remote Access
Connectivity Requirements:
- Access from untrusted networks
- Access from unmanaged devices
Options:
- SSL VPNs

What is needed?

| Type of Application | Type of PC | Remote Network Security | Type of Connection | Type of VPN |
| Remote Office/Branch Office | Corporate | Managed, Trusted | Fixed | IPSec |
| Mobile Employee | Corporate or Non-Corporate | Unmanaged, Untrusted | Mobile | SSL VPN |
| Partner/Customer | Non-Corporate | Unmanaged, Untrusted | Mobile | SSL VPN |

VPNs Meet Business Needs

Requirements:
- Secure
- Affordable
- Ease of use
- High Performance & Availability

IPSec VPN
- Integrated purpose-built solution
- Integrated high performance, robust firewall (w/ Zones)
- Route-based VPNs offer low TCO for site-to-site or fixed configurations
- Dynamic Route-Based VPNs leverage "self-healing" capabilities
- Centralized management
- Resiliency at device, network and VPN level

Secure Access SSL VPN
- Hardened appliance, AAA policy integration, and access privilege management
- No client or server changes
- Low TCO for remote/mobile employees, partners and customers
- Simple Web interface
- Centralized management for administrators
- Stateful failover and a variety of clustering options

VPN Needs By User Type and Network

| IT environment | IPSec VPN | SSL VPN |
| Type of connection | Fixed connection | Transient connection |
| Type of device | Managed corporate device | Varying devices |
| Type of access | Site-to-site | Remote employee, business partner, customer |
| Access Controls | Robust firewall functionality | Enables access management policy enforcement |

VPN Needs By User Type and Network

User constituency (columns: IPSec VPN, SSL VPN):
- Remote office employees
- IT staff
- Mobile employees
- Day extenders
- Consultants
- Customers
- Business partners

VPN Needs By User Type and Network

Applications and content (columns: IPSec VPN, SSL VPN):
- Voice Over IP
- Entire subnets with no application access control required
- Networks, including intranets and extranets, that require access control
- Web applications
- Client/server applications
- Intranet content
- Email
- File Servers
- Server socket dependent applications

IPSec and SSL

IPSec
- Design Goal: low level secure network connectivity
- Network layer connection
- IPSec encryption
- Any TCP ports flow over tunnel
- Usually done with a hardware gateway on the LAN and a hardware or software client
[Diagram labels: Gateway, Tunnel/transport, applications, IPSec Gateway]

SSL
- Design Goal: Secure application-to-application connectivity
- Application layer connection
- SSL or TLS encryption
- Specific port is open (easier to secure)
- Usually done in application software (included with all standard Web browsers and e-mail applications)
[Diagram labels: Port 443, Specific Protocol, Server, Client]

IPSec and SSL

[Layer diagram. OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical. TCP/IP: Application, Transport, Internet Protocol, Network. Protocol labels: HTTP, FTP, POP; TCP, UDP; IP; SSL/TLS; IPSec]

THANK YOU!