Chapter 3: How SSL VPNs Work

As described in Chapter 1, SSL VPN products allow users to establish secure remote-access sessions from virtually any Internet-connected web browser. Delivering the ability for people to access e-mail, critical information systems, files, and other network resources from virtually anywhere is not a trivial task. Despite often appearing to onlookers as simple devices, SSL VPNs employ complex and advanced technology.

At present, there are no official standards for SSL VPN technology (other than for SSL, HTTP, and other SSL VPN subcomponents). The few third-party SSL VPN 'certifiers' that exist primarily examine features, not the internal mechanisms of delivering those features. With a highly competitive climate currently present in the SSL VPN market, vendors are also reluctant to disclose the details of the inner workings of their products. Yet, even without official information from each vendor, it is possible to understand SSL VPN technology. Every offering in the market faces similar challenges in providing web-based remote access. As a result, the basic technology utilized by SSL VPN products exhibits many common attributes across products. As such, in Chapter 2 we will explore the internal workings of SSL VPN technology not from the perspective of any particular offering, but rather from a generic approach.

SSL VPNs utilize many complex technologies, and designers, administrators, and users of SSL VPNs need not be intimately familiar with many of them in order to understand SSL VPN. The intention of this chapter is to provide the reader with an overview of how SSL VPN technology works and sufficient information about each of its components. Enough information is provided to understand SSL VPN, though we will not cover every detail about every technology subcomponent.

- Background
- Overview of SSL Technology
- Symmetric Cryptography: Data Confidentiality
- Asymmetric Cryptography: Data Confidentiality
- Asymmetric Cryptography: Server Authentication
- Asymmetric Cryptography: Client Authentication
- Key Size
- Establishing Secure Tunnels Using SSL
- Secure Tunnels
- OSI Network Model
- Application-Level Communications
- Reverse Proxy Technology
- SSL Remote Access: Reverse Proxy Technology Plus
- Non-Web Traffic over SSL
- Establishing Network Connectivity over SSL
- Why Different Access Technologies for Web Applications
- Applets
- Remote Access to Files and Other Resources
- Remote Mounting of Network Drives
- File Access Interface
- Telnet and Host Access
- Printers and Other Network Resources
- Terminal Services
- Internet-Enabling Internal Applications
- Remote Access Interface
- Login and Single Sign On
- Portal Pages
- Toolbars
- Languages
- Multiple Windows Vs. a Single Window
- Logout Button
- Help
- User Interface Based on Browser Type
- SSL VPN Status Window
- Web Email (WebMail) Interfaces
- Administration Tools
- Performance
- SSL Acceleration
- Compression of HTTP Traffic
- Caching
- Load Balancing: IP Spraying
- Access from Older Web Browsers