End user experiences improved again when high-speed Internet
connections (broadband, cable Internet, leased lines) from 1 Mbps upwards became
available from home, hotels, and conference centers across the world.
The IPsec VPN solutions had its limitations; for one, it lacked security. The other
signifi cant problem was that the IPsec VPN client required to connect to the VPN
became large and diffi cult to roll out. This was due to its requirement for client fi rewalls
and antivirus inspection in order to make up for the lack in security. IPsec VPNs,
while widely implemented, rarely gets used for end-to-end protection of application
protocols. It is mainly used today as an ???all or nothing??? protection for a VPN.
One of the things that SSL VPN brings to the table is taking all of these current
solutions and consolidating them into one platform. SSL VPN means access for:
?– Any user
?– Any location
?– Any application
The current wave is focused on application intelligence; this is what is needed to
ensure access for any user from any location to any application stays secure without
the very large IPSEC VPN client tool. This has led to the current generation of SSL
VPN features that are present in every SSL gateway. All these features are implemented
at both the client and gateway:
?– Client side security Endpoint security or endpoint policies
?– Tunneling Tunnel non-Web and Web applications
?– Pre-authentication Authenticate before contacting corporate servers
304 Chapter 8 ??? Using Intelligent Application Gateway 2007
?– User Portal Made available after the user has logged on; this is where access
to published applications is found
?– Authorization Allow and Deny access to the portal or the applications hosted
in the SSL VPN portal
?– Application Layer Inspection Some form of application layer inspection
needs to be provided in order to qualify as an enterprise grade SSL VPN gateway.
Pages:
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306