Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Clientless VPN (SSL VPN) vs HTTPS

From: bhaven.haria () paladion net
Date: 11 Aug 2006 14:04:22 -0000
Hi 

If we have just one web application, that is WEBMAIL, then SSL-VPN doesn't provide additional security than https based 
webmail access..

But if we have multiple web applications which needs to be accessed by multiple people, SSL-VPN can help in following 
ways:
1) No need to https each and every application. By doing this, we can save server resources, SSL Certificate costs. 
2) No need to directly publish all applications on the web, we can save on public IP addresses. Moreover, It provides 
better security, since the applications are not directly exposed to internet.
3) Granular Access Control, by which, we can define which applications can be accessed by who all users.

As you might be aware, SSL-VPN can be used to encrypt non-web traffic too.

For more info, there is an introductory article on  *Understanding SSL VPN* 
http://palisade.plynt.com/issues/2006Jul/ssl-vpn/

Hope, this helps :)

-Bhaven

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: