Palisade Magazine

 

Discuss: Understanding SSL VPN

by Bhaven Haria, CISA
Discussion is open — there are 3 reader comments.
1. vijender | 13 Jul 2006 1:55 AM

The SSL VPN explained in the blog is the clientless mode of SSL VPN. As per general understanding, clientless SSL VPN does not require client-side software. So they support web-based applications like OWA, Lotus Notes, HTTP(S) services. But in reality, you will find that corporate applications are not web-based applications. They are hybrid web applications. For example, the Citrix agent needs to be downloaded on the machine to access published resources, so it cannot be supported via clientless SSL VPNs. For that, SSL VPN vendors implement Java clients for these enterprise applications or use native clients to tunnel client-server applications.

I classify SSL VPNs as
1st generation: Clientless SSL VPN: support web-based services
2nd Generation: Java emulators and full access clients: support client-server applications and hybrid web apps
3rd Generation: SSL VPN solution that can replace IPSec: High performance SSL VPN solution.

2. Balaji | 28 Jan 2007 6:03 PM

Hi,
Your article was very useful to me as I am a newbie to technologies like VPN. I just want to clarify something in your article.
In the section on the few concerns about SSL VPN, you say that if SSL VPN is used for non-web traffic applications then viruses/worms can affect the system.
Why is it like that? How does a web-traffic (HTTP) application protect itself from viruses/worms, and why is that not possible in the case of non-web traffic applications?

Thanks in Advance.

Regards,
...Balaji.J

3. Anonymous Reader | 09 Feb 2007 5:38 PM

@ Balaji

Hi,

Thank you Balaji :)

Let's consider the case where SSL VPN is being used for publishing non-web applications like Email, Remote Desktop Application and File Sharing. As explained in the article, all non-web traffic will get tunneled through the SSL connection. Now, if a worm-infected computer remotely connects to this network, the worm traffic will also get tunneled through the SSL connection and it may infect the company's resources.

In the case where only web applications are published, the SSL VPN gateway will allow only web traffic for specified web servers and will block all other traffic. Hence, the worm traffic will get blocked at the SSL VPN gateway. Hence, prevented.

Hope this explains :)

Bhaven
