Virtual private networks on Secure Sockets Layer
offer a simpler, more secure way for
remote users to connect to corporate
networks, and take-up is set to rise.

Companies are beginning to see the value
of simplifying their internet connections.
Traditionally, users who have required
remote access have deployed a leased
line to connect sites. For remote workers,
the preferred option was running an
IPSec client to connect to a virtual
private network in order to gain access
to the corporate network.
But many users have found IPSec VPNs
to be cumbersome. John Pescatore, research
vice-president at Gartner, said IPSec
could pose a serious security risk because
it offers full network access. "If
you accidentally download a worm such
as MS Blaster, your [infected] PC will
spread it across the enterprise," he said.
Gartner estimated that 90% of VPNs today
use IPSec, but within two years 50%
of VPNs will use an alternative VPN
security protocol called Secure Sockets
Layer. One of the main benefits of an
SSL VPN is that it does not need any
client software installed.
Pescatore also pointed out that SSL
VPNs can be less prone to attack by
hackers. Many hackers install code remotely,
but Pescatore said SSL has so far been
immune to such attacks. It also limits
network access to port 80 (i.e. web
traffic), which reduces the damage that
can be done if a hacker were to break
in.
Pescatore predicted that in the future
IPSec would only have two uses: supporting
legacy connectivity when it is not
possible to use SSL, and where server-to-server
connections are needed.
Pescatore's
comments were mirrored in a research
paper published by Forrester Research
in June that noted that many businesses
provide remote connectivity for users
with IPSec remote access VPNs.
Forrester found that in 2003 there was
significant interest in SSL VPNs as
an alternative to IPSec. It said SSL
VPNs offered a smooth migration to more
cost-effective, easier-to-deploy remote
access than IPSec. "SSL VPNs' combination
of flexibility and functionality makes
it competitive with IPSec even when
deployed for an enterprise's power-users," the report said.
Forrester predicted that although SSL
VPNs are sold as dedicated hardware
appliances, eventually performance gains
and economics will drive SSL VPNs onto
a VPN-on-a-blade, to run in a networking
or server chassis. "This will reduce
costs and help lower SSL VPN gear out
of the premium-priced status it enjoys
today," the report said.

Cutting costs

Forrester said users who deployed
SSL VPNs would be able to reduce the
cost of remote working to almost zero.
It also said the simplicity of SSL VPNs
would cut the cost of helpdesk support.
As reported in Computer Weekly last
week, users evaluating SSL for encrypting
network traffic on the Internet include
oil company BP and Standard Chartered
Bank. Both organisations are members
of IT security user group the Jericho
Forum, which sees secure internet access
as essential to support the way businesses
will need to operate in the future.
Setting up and managing extranets for
hundreds of business partners and securing
global staff in a consistent manner
is extremely difficult. Some businesses
find that the networks cannot be established
quickly enough to support business development.
However, simplification using SSL VPN
technology to secure communications
across the public Internet is seen by
some businesses as the way to build
and maintain network connections for
third-party businesses and remote sites
and users.

Identity management

As SSL VPN technology becomes more widely
available, one area businesses will
have to look at is identity management.
Tony Lock, senior analyst at Bloor Research,
said, "Businesses will need to
recognise people coming into the network,
who they are, and what data they have
access to."
Although global organisations such as
Boeing are developing identity management
programmes to support thousands of staff
and contractors, industry observers
believe much more work is needed on
building global standards for identity
management.
Nick Bleech, head of security management
in the technology advisory practice
at KPMG, said, "What is needed
is a globally unique person ID that
is issued once."

The benefits of using SSL VPNs

Levels of Granularity: Because it operates
at the application layer, the Secure
Sockets Layer protocol can track more
information about users - location,
type of computer, operating system
etc - and provides more granularity
than the IPSec protocol.
This allows enterprises to comfortably extend
remote access to new areas such as Internet
kiosks or partner sites where the level
of granularity - the degree of modularity
of a system - ensures users have access
to only the necessary resources.

Flexibility for mobile environments: The proliferation
of mobile technologies such as corporate
Wi-Fi is driving the adoption of SSL
virtual private networks.
Most enterprises are deploying wireless Lan
access points outside the corporate
firewall, requiring users to gain access
via a VPN.
SSL provides a more flexible and seamless
VPN architecture so users do not have
to manually launch IPSec VPNs when connected
wirelessly at the office.

Device Types: SSL VPNs are capable of
running on a standard browser. As
a result, a wide variety of client types,
including PDAs and cell phones, can
connect remote users securely via standards-based
browsers instead of proprietary IPSec
clients that may be difficult to install
or are too resource intensive.

Source: Forrester Research