1 / 8

SSL VPN

SSL VPN. Dijiang Huang Arizona State University. The Shift to SSL VPNs. SSL Addresses the Emerging Demands Impervious to NAT Leverages a commonly open port (443) Indifferent to type of network Does not require a client Supports broad application types Easier to support and deploy

dash
Télécharger la présentation

SSL VPN

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSL VPN Dijiang Huang Arizona State University

  2. The Shift to SSL VPNs • SSL Addresses the Emerging Demands • Impervious to NAT • Leverages a commonly open port (443) • Indifferent to type of network • Does not require a client • Supports broad application types • Easier to support and deploy • Intuitive User Experience

  3. Basic SSL VPN Deployment Like an IPSec VPN, the SSL VPN is the point of security enforcement for in-bound users. • SSL VPN tied to authentication system, DNS and applications • Presents web resources and available shares as links to the user • Authenticates users, encrypts to the end node, applies granular ACLs to the user traffic, detailed audit • All traffic goes over port 443, regardless of original protocol • Uses browser-deployed agent to handle C/S applications Corporate Laptops SSL VPN Directories Applications Wireless Hotspots Web Apps Client/Server Apps Legacy Apps File Shares Databases Terminal Services Mainframes DMZ PDAs Encrypted, Authenticated, and Authorized Traffic via the Internet SSL VPN Appliance Home PCs Kiosks Partner Extranets

  4. IPSec VPN vs. SSL VPN InternetKiosk MobileUsers Branch Office Internet Internet Partners, Customers, Contractors Remote Office Telecommuters HQ

  5. Security vs. IPSec

  6. Use case 1 - Remote Access at Lower Operating Costs SSL VPN Server Employees with Corporate Laptops Employees with Mobile Devices Employees with Home PCs Corporate Intranet Email Server Firewall Internet Router Applications Server Increased Productivity • Anytime, anywhere access from any device • No endpoint software to install or manage • Easy access facilitated from common browsers Increased Security • Encrypted secure access to corporate resources • Granular access control • Comprehensive endpoint security enforcement

  7. Use Case 2- Extranet Portals with Greater Security SSL VPN Server Suppliers Customers Corporate Intranet Client/Serer Applications Web Applications Partners Firewall Internet Router Administrative ease of use • Easier management of authorized users • No client software enforced on external users • Access enabled from any Web-enabled device Enforcement of corporate security policies • Granular access to select applications or resources • Endpoint security enforced before granting access • No administrative hassle of managing users’ devices

  8. Use Case 3– Mobile Device Access SSL VPN Server Apple iPhone Corporate Intranet Email Server Firewall Router Internet Applications Server Improved Ease of Use, Higher Productivity • Access from any mobile device • ActiveSync facilitates secure access to Exchange • Enforce mobile device integrity and security

More Related