Imagine this scenario – you’re thousands of miles away from your workplace and need to access your company’s intranet portal. One solution is to make this portal accessible via the Internet, but that can expose the company to a plethora of security risks.
After all, different business departments use multiple intranet applications, and publishing them directly on the Internet will open them up to everyone. A second, and more appropriate, option is to use a Virtual Private Network (commonly referred to as a VPN).
The two most common types of VPN today are Secure Sockets Layer (SSL) VPN and Internet Protocol Security (IPSec) VPN. Here, we’ll take a closer look at what an SSL VPN is, its pros and cons, as well as how it fares against IPSec VPNs.
What is SSL VPN?
An SSL VPN uses the Secure Sockets Layer protocol – or, more often than not, its replacement, the Transport Layer Security protocol – in web browsers to provide users with the capability of secure, remote VPN access. End-to-end encryption is employed to protect all data transmissions between an Internet-connected device and the SSL VPN server.
Enterprises use SSL VPNs for two main reasons:
- To allow remote employees to gain access to internal corporate resources safely.
- To safeguard the web sessions of users connecting to the Internet from outside the corporate network.
Moreover, SSL VPNs are easy to implement and don’t require installing and maintaining specific client software – just a modern browser! These types of VPNs are also known for their reliable connections, as they provide a higher level of compatibility with client platforms as well as with firewall and remote network configurations.
They facilitate access to protected network resources remotely by using an authenticated pathway which encrypts all network traffic from end-to-end. This makes it appear as if the user is on the internal network, regardless of their actual geographic location.
Enterprises can also rest assured that unauthorized parties won’t be able to eavesdrop on network communications and alter or capture sensitive data. So, if you’re in search of a secure and flexible solution for contractors, employees, and telecommuters to remotely connect to corporate networks, SSL VPNs are your best bet.
How Does SSL VPN Work?
As mentioned earlier, an SSL VPN relies on TLS, or the older SSL protocol, to ensure secure remote access from anywhere. It enables authenticated users to create safe connections to internal HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) services via client applications or standard browsers which provide direct access to restricted networks.
Types of SSL VPN
There are two main types of SSL VPN that you need to be aware of:
SSL Tunnel VPN
SSL tunnel VPNs allow users to access multiple internal network services securely via standard browsers, as well as other non-web based applications and protocols. The VPN “tunnel” is a link established between the remote user and VPN server, through which they can connect to one or more remote websites at a time on the client’s behalf.
However, this SSL VPN type calls for a browser that handles active content and offers functionality which is otherwise inaccessible through SSL portal VPNs.
SSL Portal VPN
An SSL portal VPN, on the other hand, enables one SSL VPN connection to a remote website. The gateway is then accessed by remote users with their browser after getting authenticated through a method required by the gateway service. Once inside, a single webpage serves as a “portal” to various internal network services.
Advantages of Using SSL VPN
One of the biggest advantages of SSL VPNs is that they use TLS – the technology implemented in today’s browsers – which eliminates the need to install specialized client software and makes them much easier to deploy. Additionally, TLS-created encryption circuits provide greater outbound connection security than traditional VPN protocols.
Another advantage is that an SSL VPN requires considerably less technical support and administrative overhead than traditional VPN clients, courtesy of its ease of use and dependence on commonly used web clients. Any browser that supports SSL or TLS will do, no matter what operating system is running on users’ devices.
Furthermore, users don’t have to download any additional software or go through complicated steps to set up an SSL VPN. Unlike IPSec or L2TP (Layer 2 Tunneling Protocol), establishing a secure network with an SSL VPN only requires a modern browser.
Since SSL VPNs create tunnels to specified applications instead of an entire corporate network, they can be configured to provide administrators with granular access control. This means that it’s possible to restrict users on an SSL VPN connection to the applications they’ve been authorized to access, and not the entire network.
Disadvantages of Using SSL VPN
Despite the various advantages an SSL VPN brings to the table, there are also a few security risks associated with its use. Considering that users can gain access to SSL VPN servers remotely, even one remote user with a device running outdated antivirus software might spread malware to the enterprise’s network.
The split tunneling feature of SSL VPNs, which gives users the ability to route sensitive traffic through the VPN tunnel and send the rest of it over unsecured channels, can be misused by cybercriminals. While split tunneling allows network traffic to be distributed between both public and private networks simultaneously, attackers can leverage the unsecured channel of a remote user to execute an attack.
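To make the split tunneling trade-off concrete, the following added example (not from the original article) classifies destinations as tunneled or direct and audits a route list for corporate prefixes that would leave over the unsecured path. All prefixes, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration (assumed values, not from the article).
# Routes the VPN gateway pushes to the client in split-tunnel mode:
TUNNELED_PREFIXES = ["10.20.0.0/16", "192.168.50.0/24"]
# Prefixes the enterprise actually considers internal:
CORPORATE_PREFIXES = ["10.20.0.0/16", "10.30.0.0/16", "192.168.50.0/24"]


def path_for(destination, tunneled_prefixes):
    """Return 'tunnel' if the destination matches a pushed route, else 'direct'."""
    addr = ipaddress.ip_address(destination)
    for prefix in tunneled_prefixes:
        if addr in ipaddress.ip_network(prefix):
            return "tunnel"
    return "direct"  # leaves over the user's own, unprotected connection


def is_full_tunnel(tunneled_prefixes):
    """A default route (prefix length 0) means every destination is tunneled."""
    return any(ipaddress.ip_network(p).prefixlen == 0 for p in tunneled_prefixes)


def audit_split_tunnel(tunneled_prefixes, corporate_prefixes):
    """List corporate prefixes that are not fully covered by a tunneled route."""
    tunneled = [ipaddress.ip_network(p) for p in tunneled_prefixes]
    uncovered = []
    for p in corporate_prefixes:
        net = ipaddress.ip_network(p)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        covered = any(net.version == t.version and net.subnet_of(t) for t in tunneled)
        if not covered:
            uncovered.append(p)
    return uncovered


if __name__ == "__main__":
    for dst in ["10.20.4.7", "10.30.1.1", "203.0.113.10"]:
        print(dst, "->", path_for(dst, TUNNELED_PREFIXES))
    print("uncovered:", audit_split_tunnel(TUNNELED_PREFIXES, CORPORATE_PREFIXES))
```

In this sample, 10.30.0.0/16 is internal but missing from the pushed routes, so traffic to it would bypass the tunnel; the audit surfaces that gap before it reaches clients.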
That’s not all, though. If a user has established an SSL VPN connection to an enterprise’s network and leaves the session open, anyone else with access to that system will be able to wreak havoc on that restricted internal network.
Similarly, using a publicly accessible computer to create an SSL VPN connection isn’t a great idea. Chances are the system doesn’t fulfill enterprise security standards and policies, leaving remote users susceptible to keylogger attacks. In this case, the bad guys could intercept confidential information such as user credentials without much effort.
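The abandoned-session risk above and the per-application access control described under the advantages can be enforced in one gateway-side check. The sketch below is an added example, not code from the original article or from any VPN product; the timeout values, group names and hostnames are assumptions.

```python
from dataclasses import dataclass

# Assumed policy values for illustration.
IDLE_TIMEOUT_S = 15 * 60       # drop sessions idle for more than 15 minutes
MAX_SESSION_S = 8 * 60 * 60    # force re-authentication after 8 hours

# Constructed policy: group -> internal applications it may reach.
APP_POLICY = {
    "finance": {"erp.corp.example", "intranet.corp.example"},
    "contractor": {"wiki.corp.example"},
}


@dataclass
class Session:
    user: str
    group: str
    created_at: float      # seconds, same clock as `now`
    last_activity: float


def authorize(session, app_host, now):
    """Decide whether a request may be proxied. Returns (allowed, reason).

    Default deny: unknown groups and unlisted applications are refused.
    """
    if now - session.created_at > MAX_SESSION_S:
        return (False, "session-expired")
    if now - session.last_activity > IDLE_TIMEOUT_S:
        return (False, "idle-timeout")
    if app_host not in APP_POLICY.get(session.group, set()):
        # Denied requests do not refresh the idle timer.
        return (False, "app-not-authorized")
    session.last_activity = now
    return (True, "ok")


if __name__ == "__main__":
    s = Session("alice", "finance", created_at=0.0, last_activity=0.0)
    print(authorize(s, "erp.corp.example", now=60.0))
    print(authorize(s, "wiki.corp.example", now=120.0))
    print(authorize(s, "erp.corp.example", now=60.0 + IDLE_TIMEOUT_S + 1))
```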
IPSec vs. SSL VPN Technology
There are a number of advantages of using SSL VPN over IPSec VPN. First of all, setting up a remote access VPN connection with IPSec requires the installation of client software on systems. Enterprises may need to purchase and configure additional software, which increases administrative overhead. SSL VPNs, though, can easily be configured using existing browsers and require minimal modifications.
Ease of use is another advantage SSL VPNs have over IPSec VPNs. Different IPSec VPN providers could have different configuration and implementation requirements, whereas SSL VPNs can be implemented with virtually any modern browser.
When it comes to IPSec VPNs, a remote user has complete access to the entire internal network which can expose some resources to attacks! In contrast, SSL VPNs allow for personalized, granular access control by supporting the creation of tunnels to specified applications instead of the entire network. In this way, it’s easy for enterprises to provide different users with different access rights.
On Which OSI Layer Does SSL VPN Operate?
An SSL VPN operates at the transport layer of the Open Systems Interconnection (OSI) model, so network traffic can easily be divided into tunneled circuits to access protected applications or resources and untunneled circuits to access public applications or resources.
What Port Does SSL VPN Use?
SSL VPNs use TCP port 443, which is already open on almost all firewalls and will work in just about any environment. It also proves useful for remote users when they’re sitting behind another establishment’s firewall.
Wrapping Things Up
With VPNs becoming a more significant part of educational and corporate environments, improving ease of use is going to be paramount if the technology is to gain widespread acceptance. This is where SSL VPNs are useful, as they can be used by individuals with little to no literacy when it comes to computers.
In addition, an SSL VPN is easily accessible from any modern device or computer and can be set up to be more secure than IPSec. Enterprises with a global presence have access to an extensive network of employees, and by embracing SSL VPNs they can continue to expand securely without the technical knowledge and overhead required by other out-of-date VPN technologies.