[VPN] SSL "VPNs"

[Irwin Lazar]

>The only applications that any of the SSL VPN vendors claim to be able
>to secure without any code being loaded on a remote client are
>>Web-based applications<<.  Uh, hey, wait a minute -- I can turn on SSL
>on my Web-based application servers and do that myself.

---
The appliances offer you the advantage of off-loading the encryption process from your web servers.  They may also provide front-end proxy servers to provide you with an additional layer of security.  In aventail's case, they'll manage the whole thing for you as a server (though they do offer stand-alone appliances as well).

you are right that there is no client security - I've spoken with a few vendors who are looking to implement a check that doesn't allow access to the SSL-VPN proxy unless the end-device meets a certain policy such as up-to-date anti-virus and firewall software.  I think you'll see more of that this year.