[VPN] VPN or SSL?

Irwin Lazar ILazar at burtongroup.com
Mon Dec 2 11:38:38 EST 2002


There are a whole slew of SSL accelerator products out there from companies
such as SafeWeb, Intel, Neoteris and others.  There is also Aventail, which
provides managed SSL VPN services.

In our experience, SSL-based VPNs have proven to be a very attractive
solution for enterprises simply looking to provide remote access to
web-based applications or applications which use well-known ports.  Several
of the SSL appliances from vendors mentioned above also support SSL for
applications such as Outlook & Notes.

We've got a fairly detailed research report on this topic; if you'd like to
preview a copy, please contact me off-list.

thanks,
irwin

------ 
Irwin Lazar
Practice Manager, Burton Group 
www.burtongroup.com <http://www.burtongroup.com>  
ilazar at burtongroup.com <mailto:ilazar at burtongroup.com> 
Office: 703-742-9659  
Cell: 703-402-4119 
"DrivingNetworkEvolution"


-----Original Message-----
From: Shimon Silberschlag [mailto:shimons at bll.co.il]
Sent: Monday, December 02, 2002 1:47 AM
To: vpn at lists.shmoo.com
Subject: Re: [VPN] VPN or SSL?


> One thing you may want to consider is an SSL
> accelerator that authenticates the user and then not allow any HTTP
> access to the app servers.

Can you specify which products have this capability?

Shimon Silberschlag

+972-3-9352785
+972-51-207130

----- Original Message -----
From: "shannong" <shannong at texas.net>
To: <vpn at lists.shmoo.com>
Sent: Sunday, December 01, 2002 17:30
Subject: RE: [VPN] VPN or SSL?


> The 128-bit encryption level of SSL is sufficient in my opinion for data
> encryption in most cases.  Although, IPSec provides better data
> authenticity services than SSL.  The problem I have with SSL access to
> web sites is that the entire Internet will have access to your web
> server.  Obviously, hacking into a web server is a trivial thing these
> days.  While SSL may provide encryption of your username/password logins
> and application data, your security problem will be that a server with
> access to privileged data will be an open target to the Internet.
>
> In this scenario, VPNs are better in that a user is authenticated at the
> ingress point of the network by a device that has few services to
> exploit. (firewall, VPN concentrator, etc).  This means the Internet
> never gains access to your web server, only validated users.
>
> Of course, the VPN solution will provide support for your apps that
> don't have SSL capability either.
>
> SSL accelerator cards simply terminate the users' SSL session in front
> of the web server, and then pass the session along as clear text to the
> target web server.  This means the server doesn't have to use up its CPU
> doing encryption.  One thing you may want to consider is an SSL
> accelerator that authenticates the user and then not allow any HTTP
> access to the app servers.  This means that the accelerator would be
> authenticating users at ingress when starting the SSL session.  In this
> way, the Internet at large wouldn't have access to your web servers--
> only users already authenticated over SSL.
>
> -Shannon
>
> -----Original Message-----
> From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com]
> On Behalf Of James McLintic
> Sent: Thursday, November 28, 2002 12:49 PM
> To: vpn at lists.shmoo.com
> Subject: [VPN] VPN or SSL?
>
>
>
> Hi All,
>
> Can anyone point me in the right direction please?  I'm designing a new
> technical infrastructure for a HR managed services organisation and I'm
> not sure whether to use VPN or SSL.  Essentially my client (customer in
> this case) will provide web-enabled self-service HR applications delivered
> over the Internet to their customers who are medium sized organisations.
> These customer organisations are assumed to have high speed internet
> access.  Now there may be a need for a few users to use a Win32 app, (SAP
> GUI) - hence the possible requirement for a VPN.  The problem as I see
> it with a VPN in this case is the headache of managing multiple VPNs to
> different customer organisations - the box at either end in most cases
> will need to match and customers may have their own VPN box already.
> That sounds like something best to avoid!  So what about SSL - well it
> sounds good in that we can select which content is encrypted and which
> isn't but is there a speed issue with SSL?  I know of SSL Accelerator
> cards which take the load off the server's encryption process but will it
> adversely affect the user's experience - i.e. will it be significantly
> slower than plain http? We will need some form of encryption/security
> for certain parts of the HR portal but more importantly we need to make
> the customer organisations feel confident that their data is secure -
> VPNs may give them more comfort than SSL I think.
>
> What does anyone else think?
>
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn