Q&A On SSL VPNs, Part One: Rainer Enders

Posted: February 5, 2013 in Expert Q&A, Industry Commentary, Rethink Remote Access, SSL, VPN
Tags: , , ,

This is part one in our Q&A series on SSL VPNs.

Q: When SSL VPN followed IPsec VPN into the world of remote access, what was its initial purpose? How did it differentiate?

Rainer Enders: SSL VPN was introduced to address various shortcomings of IPsec VPN, such as usability, interoperability and scalability. In particular, the IPsec client-based approach was regarded as a process that was difficult to manage from both administrators’ and users’ perspectives.

When SSL was initially introduced, it was considered a client-less technology. The terminology “client-less” was created to differentiate from the IPsec client-centric approach. Obviously, SSL VPN is not client-less, as a client is still involved and is typically in the form of a web browser. Therefore, the key differentiator between the two approaches is that the SSL VPN client comes pre-installed on all OS platforms in the form of the browser, whereas IPsec VPN is separate software that, in many cases, must be installed.

Q: When should companies use a browser-based SSL VPN for secure remote access? How does this differ from applications of a Thin Client SSL VPN?

Rainer Enders: When deploying SSL VPN, great care must be taken to implement and secure the digital signature architecture. Web proxy and thin client SSL are restricted to certain access modes, and as such, should only be used in projects with limited scope with compliant access environments. SSL VPN should not be used for high security environments, as there are more points of attack and vulnerabilities.

Rainer Enders is CTO, Americas, at NCP engineering.

Stay tuned for more expert insight on SSL VPNs later this week from Joerg Hirschmann, CTO at NCP engineering GmbH.

Comments
  1. […] Q&A On SSL VPNs, Part One: Rainer Enders […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s