more thoughts on forcing IPSec or SSL on a market

Posted: July 14, 2009 in Posts, Rethink Remote Access

NCP's Jochen Gundelfinger extended his thoughts on last week’s post, Forcing IPSec or SSL on a Market is Wrong. Here is what Jochen shared with us:

The question is not whether IPsec or SSL VPN should be used, but how can a remote user access data from a central data network easily and securely?

At this point, it would be very one-dimensional to consider only the VPN protocol. From a business owner’s perspective, if we decided to introduce a ‘road warrior’ into the data network, the following needs to be considered:

  • Who is trying to ‘penetrate’ the business’ network?
  • What kind of access rights should be granted to them?
  • Will the data be encoded?
  • Are there viruses in the system? Is the system protected by a personal firewall? Is it possible for the user to manipulate security related settings?
  • How easy is it to connect to the internet and to construct a VPN tunnel?
  • How can the user be provided with configurations and software updates?
  • Which operating systems are supported?
  • Can a connection be made from anywhere at all?

These considerations mean easy and secure access will require a comprehensive concept, and not just a technical discussion of protocol. An SSL VPN client represents a network adapter, just like an IPsec client, meaning that there are no clear-cut borders anyway.

For some scenarios, IPsec (or an SSL VPN Fat Client) is better suited, especially for those who are permanent employees and who would like to be able to work 1:1 while travelling or from their home—as if they were right there at the office. For others, SSL VPN (clientless) will be the right choice: for external users (i.e. customers or suppliers) who only require network access sporadically and use only one or two applications.
