Benefits and disadvantages of SSL VPNs
صفحة 1 من اصل 1
Benefits and disadvantages of SSL VPNs
Benefits and disadvantages of SSL VPNs
Below are advantages and disadvantages of SSL Virtual Private Networks.
1. No client software required for accessing web-enabled applications
Benefit: deployment, management and administration extremely simple and effective
2. SSL is a de-facto standard
Benefit: interoperability between different vendors and applications
3. Included as default in a number of web browsers
Benefit: no client software costs
4. As commonly deployed, only servers require digital certificates to establish the encrypted session
Benefit: enormous reduction in the requirement to manage certificates
SSL VPN Disadvantages
1. Optional (as opposed to in-built) user authentication. This is a major security weakness.
Answer: integration with 3rd party strong authentication products such as VASCO
2. Requires Java or ActiveX downloads to facilitate access to non-web enabled applications
Answer: download is transparent to user. Depending on implementation and network topology, this may cause a problem if the firewall (whether on the server side or on a personal firewall) is set to block Java or ActiveX controls.
3. SSL Tunnelling (basically mimics IPSec) is not supported on Linux or non-Windows OS.
Answer: True - SSL vendors offering SSL Tunnelling as an option utilise the virtual adapter technology within Windows OS to encapsulate traffic, which is not currently available in other operating systems.
4. SSL is processor-intensive leading to poor performance under high loads
Answer: This can be true, but can be addressed by clustering, load-balancing multiple appliances, by utilising SSL accelerators such as Radware's CertainT 100 or by traffic prioritisation technologies such as Allot's NetEnforcer, or by using high performance SSL appliances such as those from Array Networks.
5. Some enterprises need broader application support than SSL provides
Answer: Some SSL vendors are addressing this by enhancing proxy support and supporting port redirection.
Cost is another very important consideration. Management of authentication certificates can be very time-consuming and is not necessary with SSL VPNs. This makes SSL VPNs much cheaper and this factor alone may be a key issue when deciding whether to use SSL or IPsec VPNs. Unlike most IPsec environments, you do not need paid-for client software. Additionally, set-up and management is typically much easier.
1. No client software required for accessing web-enabled applications
Benefit: deployment, management and administration extremely simple and effective
2. SSL is a de-facto standard
Benefit: interoperability between different vendors and applications
3. Included as default in a number of web browsers
Benefit: no client software costs
4. As commonly deployed, only servers require digital certificates to establish the encrypted session
Benefit: enormous reduction in the requirement to manage certificates
SSL VPN Disadvantages
1. Optional (as opposed to in-built) user authentication. This is a major security weakness.
Answer: integration with 3rd party strong authentication products such as VASCO
2. Requires Java or ActiveX downloads to facilitate access to non-web enabled applications
Answer: download is transparent to user. Depending on implementation and network topology, this may cause a problem if the firewall (whether on the server side or on a personal firewall) is set to block Java or ActiveX controls.
3. SSL Tunnelling (basically mimics IPSec) is not supported on Linux or non-Windows OS.
Answer: True - SSL vendors offering SSL Tunnelling as an option utilise the virtual adapter technology within Windows OS to encapsulate traffic, which is not currently available in other operating systems.
4. SSL is processor-intensive leading to poor performance under high loads
Answer: This can be true, but can be addressed by clustering, load-balancing multiple appliances, by utilising SSL accelerators such as Radware's CertainT 100 or by traffic prioritisation technologies such as Allot's NetEnforcer, or by using high performance SSL appliances such as those from Array Networks.
5. Some enterprises need broader application support than SSL provides
Answer: Some SSL vendors are addressing this by enhancing proxy support and supporting port redirection.
Cost is another very important consideration. Management of authentication certificates can be very time-consuming and is not necessary with SSL VPNs. This makes SSL VPNs much cheaper and this factor alone may be a key issue when deciding whether to use SSL or IPsec VPNs. Unlike most IPsec environments, you do not need paid-for client software. Additionally, set-up and management is typically much easier.
صفحة 1 من اصل 1
صلاحيات هذا المنتدى:
لاتستطيع الرد على المواضيع في هذا المنتدى