Traditionally, providing road warriors and business partners with access to back-end servers and resources has meant deploying an IPSec VPN. For site-to-site communication, IPSec remains the only game in town, but for client-to-enterprise links, it is falling out of favor precipitously. The administrative overhead associated with deploying IPSec client software has become overwhelming given the ever increasing number of clients to support. There is also the potential that IPSec tunneling will allow an untrusted device to punch a hole through the firewall -- and directly into the heart of the network.
These kinds of basic problems with IPSec are why SSL VPNs are showing up on more and more IT radar screens. With an SSL VPN, there is no client software to install, let alone maintain. Not only does this cut down on IT labor, but it also means remote users aren’t limited to specified locations. Public Internet kiosks, partner sites, a borrowed laptop -- they all work.
More importantly, with an SSL VPN there is no open tunnel to the enterprise. SSL VPNs enforce security policies on each connection, allowing access only to specific
resources based on user, location, and/or device. As with any good security control, everything is off-limits unless expressly allowed by the administrator.
I explored the mechanics of SSL VPNs and explained how these appliances differ from their IPSec cousins in a similar roundup a year ago. This time around, I put six different SSL VPN appliances to the test to find out whether they’ve matured enough to replace enterprise-class IPSec deployments -- and to determine which ones, if any, stand out from the rest.
Packed with features
The SSL VPN playing field gets more level with each product release cycle. Many of the appliances in this roundup are in their third generation and are technologically mature. The main features differentiating the products from one another are the way in which they implement security policies, how they handle remote end points, and how transparent the overall experience is to the end-user.
The granularity of their access policies is where SSL VPN appliances really shine. All the solutions reviewed here allow administrators to implement policies that change based not only on who is logging in but also on where they are logging in from.
In addition, every SSL appliance in this roundup supports some kind of end-point security software, although some do a better job than others. End-point software analyzes a client device, determines the level of confidence in its security, and applies access rights based on predefined “trust zones.” For instance, the software might determine that a user’s laptop has anti-virus software and a personal firewall running on it, but because the laptop is attempting to connect via Wi-Fi from Starbucks, the appliance will only grant it proxied access, rather than full network access over an IPSec-style layer 3 tunnel. Currently no industrywide standard for end-point security control exists, but companies such as Cisco and Microsoft are working to change that.
| Test Center Scorecard | |||||
|---|---|---|---|---|---|
 |  |  |  |  | |
| 35% | 25% | 20% | 10% | ||
| AEP Networks Netilla Security Platform | 9 | 7 | 8 | 7 |
7.2
Good
|
| 35% | 25% | 20% | 10% | ||
| Array Networks SPX3000 | 9 | 8 | 9 | 8 |
7.8
Good
|
| 35% | 25% | 20% | 10% | ||
| Aventail EX-1500 | 8 | 9 | 8 | 8 |
7.5
Good
|
| 35% | 25% | 20% | 10% | ||
| F5 Networks FirePass 4100 | 9 | 9 | 9 | 9 |
8.1
Very Good
|
| 35% | 25% | 20% | 10% | ||
| Juniper Networks NetScreen-SA 5000 | 9 | 9 | 9 | 9 |
8.1
Very Good
|
| 35% | 25% | 20% | 10% | ||
| Nokia Secure Access System 3.0 | 8 | 8 | 8 | 8 |
7.2
Good
|
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
3 Recommendations
