Security Basics mailing list archives
RE: Clientless VPN (SSL VPN) vs HTTPS
From: "Melchior, Raimar" <raimar.melchior () hp com>
Date: Mon, 14 Aug 2006 09:01:46 +0200
Hi,

SSL-VPN is a very attractive alternative to traditional IPSec, especially if you are the owner of a dedicated SSL-VPN appliance (Juniper, F5, Aventail, etc.). There are some pros and cons I want to enumerate.

In general you can access every resource in your network (not only email) from different client OSes (Linux, Mac, Windows). Most of the appliances have a reverse proxy implemented, through which you can access most applications over an embedded web client. But you can also set up an SSL tunnel and start a client program on your machine. Traffic through the tunnel is directed transparently. Most of them provide authentication and authorization (Radius, LDAP, RSA-Secure ID, certificates, etc.).

If you have a large number of remote users in the field, you save a lot of time with rollout, because you don't have to configure the remote client. All configuration is done centrally on the appliance (Web-GUI). Furthermore, these appliances come with a hardened OS and with embedded security checks. I like the endpoint security very much (F5-Firepass). You can check whether the remote client has AV, FW, special registry entries set, and so on (before he gets logged in). This is a very powerful feature I haven't seen on IPSec clients.

But there are also some disadvantages. It is not completely clientless. Most of the appliances use ActiveX/plugins (must be enabled on the remote client), and you can't build LAN-to-LAN tunnels with SSL.

Regards
Raimar

-----Original Message-----
From: harbinger [mailto:bluetooth995 () gmail com]
Sent: Freitag, 11. August 2006 05:56
To: security-basics () securityfocus com
Subject: Clientless VPN (SSL VPN) vs HTTPS

Hi

These days SSL VPN has been the alternative to the traditional IPsec VPN, particularly for users that require only email access. However, what is the difference in implementing SSL VPN - which essentially means allowing only web-based traffic, i.e. webmail - as compared to just setting up a webmail server running HTTPS?
Can anyone point out the differences??

Thanks

------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------