Packt Publishing Logo SSL VPN: Understanding, evaluating, and planning secure, web-based remote access

Introduction
1: Introduction to SSL VPN
2: SSL VPN: The Business Case
3: How SSL VPNs Work Free Chapter
4: SSL VPN Security
5: Planning for an SSL VPN
6: Educating the User
7: Legacy Data Access
8: The Future of SSL VPN Technology
Appendix A: A Review of TCP, IP and Ports
Appendix B: SSL VPN Gateways
Index

Chapter 4: SSL VPN Security
SSL VPNs serve as gateways into corporate infrastructure, and as such security is a critical component of any SSL VPN offering. The security-related capabilities of SSL VPN products are so important that differences in the security feature sets across products often determine which SSL VPN an enterprise chooses to deploy.

SSL VPN security falls into three categories:

  1. Authentication and Authorization: Users gain access to valuable information and systems through the SSL VPN. It is therefore critical to ensure that only authorized users gain access through the SSL VPN, and that each user can reach only those resources they are entitled to access.

  2. Endpoint Security: Endpoint security is sometimes known as client-side security or browser-side security. It refers to technology intended to prevent security problems on the devices used to access resources through the SSL VPN. Unlike earlier remote-access technologies, SSL VPN technology allows access from machines that are not known to be secure, so the endpoint concerns differ from those of older remote-access scenarios.

  3. Server-Side Security: Server-side security, sometimes known as network security, refers to protecting internal corporate resources, including the SSL VPN server itself, from any form of compromise.

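As an added illustration of the first category (this is example code written for this page, not code from the book or from any SSL VPN product), the following Python sketch models what an SSL VPN gateway must do before it proxies a request: authenticate the user, then apply a default-deny, per-user authorization check, and treat an idle session as expired. The user names, passwords, resource names, the in-memory credential store and the 15-minute idle threshold are all constructed for the example; a real gateway would hold credentials and authorization data in a directory or third-party database, as later sections of the chapter discuss.

```python
"""Illustrative gateway-side authentication and authorization check.

Added example for this page; not code from the book or from any SSL VPN
product. All users, passwords, resources and thresholds are constructed.
"""
import hashlib
import hmac
import os
import secrets
import time

ITERATIONS = 100_000      # PBKDF2 work factor (example value)
IDLE_TIMEOUT = 15 * 60    # seconds; hypothetical timeout threshold


def _pbkdf2(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte password verifier; never store the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password: str):
    """Constructed credential record: (random salt, derived verifier)."""
    salt = os.urandom(16)
    return salt, _pbkdf2(password, salt)


# Constructed credential store. A real gateway would consult LDAP, RADIUS, etc.
USERS = {
    "alice": _make_user("correct horse battery staple"),
    "bob": _make_user("hunter2-but-longer"),
}

# Authorization information maintained by the gateway: user -> resources.
# Anything not listed here is denied (default deny).
POLICY = {
    "alice": {"intranet-wiki", "crm"},
    "bob": {"intranet-wiki"},
}

# Dummy record used for unknown users so that a failed login costs the same
# time whether or not the user name exists (no user enumeration via timing).
_DUMMY = (b"\x00" * 16, b"\x00" * 32)


class Session:
    """A logged-in user plus the time of the last accepted request."""

    def __init__(self, user: str, now: float):
        self.user = user
        self.token = secrets.token_urlsafe(32)  # opaque session identifier
        self.last_activity = now


def authenticate(username: str, password: str, now=None):
    """Return a Session on success, None on failure."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, _DUMMY)
    candidate = _pbkdf2(password, salt)
    # Constant-time comparison; the membership test prevents a dummy match.
    if hmac.compare_digest(candidate, stored) and username in USERS:
        return Session(username, now)
    return None


def authorize(session, resource: str, now=None) -> bool:
    """Allow the request only if the session is live and the user is
    explicitly granted the resource. A successful request refreshes the
    idle timer; a denied one does not."""
    now = time.time() if now is None else now
    if session is None or now - session.last_activity > IDLE_TIMEOUT:
        return False  # no session, or the user walked away without logging out
    allowed = resource in POLICY.get(session.user, set())
    if allowed:
        session.last_activity = now
    return allowed


if __name__ == "__main__":
    s = authenticate("alice", "correct horse battery staple")
    print("alice -> crm:", authorize(s, "crm"))        # True
    print("alice -> payroll:", authorize(s, "payroll"))  # False (not granted)
```

The two decisions are deliberately separate: a valid login yields a session, but every subsequent request is re-checked against the policy, so a user who is authenticated is never implicitly authorized. The idle check belongs in the same function, because a resource check on an expired session should fail exactly like one on a forged session.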
Throughout our detailed review of these areas, keep in mind that SSL VPN products differ widely in how security is implemented. Not every product offers all of the features discussed, and because of differences in product design and capability, some of the security issues may not even apply to a given deployment. Be aware also that some of the security functions described below are often implemented by integrating third-party products with the core SSL VPN offering, sometimes by the SSL VPN vendor and sometimes by the implementer. In any case, the remainder of this chapter describes the security concerns associated with SSL VPN technology and some approaches to addressing them.

  • Chapter 4: SSL VPN Security
    • Authentication and Authorization
      • Authentication
        • Passwords
        • One-Time Passwords
        • Biometric Information
        • Client Certificates
        • Smart Cards or USB Tokens
        • Two-Factor Authentication
      • Single Sign On
      • Authorization
        • Operating System Permissions
        • File System Permissions
        • Native Application Permissions
        • Restricted Interfaces
        • Authorization Information Maintained by the SSL VPN
        • Third-Party Authorization Databases
    • End Point Security Concerns
      • The Problem: Sensitive Data in Insecure Locations
        • Browser Cache Entries
        • Proprietary Cache Entries
        • Temporary Files: Viewing E-mail Attachments
        • Temporary Files: Downloading and other Mechanisms
        • Form-Field Contents Memorized for AutoComplete
        • URL Entries Memorized for AutoComplete
        • Cookies Generated During User Sessions
        • History Records
        • User Credentials Memorized by the Browser
      • The Solution
      • The Problem: Third Party Search Tools Running on Access Devices
      • The Solution
    • Department of Defense (DoD) Requirements
      • The Problem: Users May Neglect to Log Out
      • The Solution
        • Long Timeout Thresholds: Not a Good Idea
        • Non-Intrusive Timeout Systems
        • Forced Periodic Re-Authentication
        • Ignoring Phony Activity
        • Timeout Thresholds
      • The Problem: Viruses Enter Corporate Networks via the SSL VPN
      • The Solution
        • Check for Anti-Virus Software on the User's Device
        • Block Uploads
        • Rely on Internal Network Antivirus
      • The Problem: Worms Enter Corporate Networks via the SSL VPN
      • The Solution
        • Personal Firewalls
        • Application Firewalls
      • Problems of Insecure Locations
        • Spyware
        • Keystroke Loggers
        • Shoulder Surfing
        • Video Cameras Aimed at Computers
        • Emanations
      • Hackers Bridging to the Corporate Network
      • The Problem: Internal Networking Information may be Leaked
      • The Solution
        • Printing and Faxing
        • Deleted Files
      • Trusted Endpoint
      • Tiers of Access Based on Endpoint Situation
        • Internet Provider Controls
    • Server-Side Security Issues
      • The Problem: Firewalls and Other Security Technologies may be Undermined
      • The Solution
      • The Problem: Application-Level Vulnerabilities
      • The Solution
      • Encryption
      • Patching of SSL VPN Servers
      • Linux versus Windows
      • Some Other SSL VPN Appliance Security Concepts
        • Hardening
        • Air Gap
        • Protection from Internal Systems and the Internal Network
        • ASIC
  This website is owned and maintained by Packt Publishing Ltd, 2006. All rights reserved. Terms and Conditions