SSL VPN : Understanding, evaluating and planning secure, web-based remote access

  • Understand how SSL VPN technology works
  • Evaluate how SSL VPN could fit into your organisation's security strategy
  • Practical advice on educating users, integrating legacy systems, and eliminating security loopholes
  • Written by experienced SSL VPN and data security professionals


Book Details

Language : English
Paperback : 212 pages [ 235mm x 191mm ]
Release Date : March 2005
ISBN : 1904811078
ISBN 13 : 9781904811077
Author(s) : Joseph Steinberg, Tim Speed
Topics and Technologies : All Books, Networking and Servers, Enterprise, Networking & Telephony

Table of Contents

Chapter 1: Introduction to SSL VPN
Chapter 2: SSL VPN: The Business Case
Chapter 3: How SSL VPNs Work
Chapter 4: SSL VPN Security
Chapter 5: Planning for an SSL VPN
Chapter 6: Educating the User
Chapter 7: Legacy Data Access
Chapter 8: The Future of SSL VPN Technology
Appendix A: A Review of TCP, IP, and Ports
Appendix B: SSL VPN Gateways
  • Chapter 1: Introduction to SSL VPN
    • The Internet
    • Reference Models
      • OSI Reference Model
      • DARPA Model
    • Introducing Hacker Bob
      • Trapping Your Data
        • Basic HTTP Authentication
      • Keeping Hacker Bob Out of Your Data
    • VPNs
      • One Computer to the Corporate Network
      • Remote Office Network Connected to the Main Office
    • VPN Examples
      • IPsec
      • SSL VPN
    • IPsec Vs. SSL VPN
    • Trusted Networks
    • The DMZ
      • SSL VPN Scenarios
        • SSL VPN: Hubs
        • SSL VPN: Private Network
    • Summary
  • Chapter 3: How SSL VPNs Work
    • Appliances Vs. Software
    • The SSL Protocol
      • Background
      • Overview of SSL Technology
        • Symmetric Cryptography: Data Confidentiality
        • Asymmetric Cryptography: Data Confidentiality
        • Asymmetric Cryptography: Server Authentication
        • Asymmetric Cryptography: Client Authentication
        • Key Size
    • Establishing Secure Tunnels Using SSL
      • Secure Tunnels
      • OSI Network Model
      • Application-Level Communications
    • Reverse Proxy Technology
    • SSL Remote Access: Reverse Proxy Technology Plus
      • Non-Web Traffic over SSL
      • Establishing Network Connectivity over SSL
      • Why Different Access Technologies for Web Applications
      • Applets
      • Remote Access to Files and Other Resources
        • Remote Mounting of Network Drives
        • File Access Interface
        • Telnet and Host Access
        • Printers and Other Network Resources
        • Terminal Services
      • Internet-Enabling Internal Applications
        • Web-Based Applications
      • Remote Access Interface
        • Login and Single Sign On
        • Portal Pages
        • Toolbars
        • Languages
        • Multiple Windows Vs. a Single Window
        • Logout Button
        • Help
        • User Interface Based on Browser Type
        • SSL VPN Status Window
        • Web Email (WebMail) Interfaces
      • Administration Tools
      • Performance
        • SSL Acceleration
        • Compression of HTTP Traffic
        • Caching
        • Load Balancing: IP Spraying
      • Access from Older Web Browsers
    • SSL VPN Sample Session
    • Summary
  • Chapter 4: SSL VPN Security
    • Authentication and Authorization
      • Authentication
        • Passwords
        • One-Time Passwords
        • Biometric Information
        • Client Certificates
        • Smart Cards or USB Tokens
        • Two-Factor Authentication
      • Single Sign On
      • Authorization
        • Operating System Permissions
        • File System Permissions
        • Native Application Permissions
        • Restricted Interfaces
        • Authorization Information Maintained by the SSL VPN
        • Third-Party Authorization Databases
    • End Point Security Concerns
      • The Problem: Sensitive Data in Insecure Locations
        • Browser Cache Entries
        • Proprietary Cache Entries
        • Temporary Files: Viewing E-mail Attachments
        • Temporary Files: Downloading and other Mechanisms
        • Form-Field Contents Memorized for AutoComplete
        • URL Entries Memorized for AutoComplete
        • Cookies Generated During User Sessions
        • History Records
        • User Credentials Memorized by the Browser
      • The Solution
      • The Problem: Third Party Search Tools Running on Access Devices
      • The Solution
    • Department of Defense (DoD) Requirements
      • The Problem: Users May Neglect to Log Out
      • The Solution
        • Long Timeout Thresholds: Not a Good Idea
        • Non-Intrusive Timeout Systems
        • Forced Periodic Re-Authentication
        • Ignoring Phony Activity
        • Timeout Thresholds
      • The Problem: Viruses Enter Corporate Networks via the SSL VPN
      • The Solution
        • Check for Anti-Virus Software on the User's Device
        • Block Uploads
        • Rely on Internal Network Antivirus
      • The Problem: Worms Enter Corporate Networks via the SSL VPN
      • The Solution
        • Personal Firewalls
        • Application Firewalls
      • Problems of Insecure Locations
        • Spyware
        • Keystroke Loggers
        • Shoulder Surfing
        • Video Cameras Aimed at Computers
        • Emanations
      • Hackers Bridging to the Corporate Network
      • The Problem: Internal Networking Information may be Leaked
      • The Solution
        • Printing and Faxing
        • Deleted Files
      • Trusted Endpoint
      • Tiers of Access Based on Endpoint Situation
        • Internet Provider Controls
    • Server-Side Security Issues
      • The Problem: Firewalls and Other Security Technologies may be Undermined
      • The Solution
      • The Problem: Application-Level Vulnerabilities
      • The Solution
      • Encryption
      • Patching of SSL VPN Servers
      • Linux versus Windows
      • Some Other SSL VPN Appliance Security Concepts
        • Hardening
        • Air Gap
        • Protection from Internal Systems and the Internal Network
        • ASIC
    • Summary
  • Chapter 5: Planning for an SSL VPN
    • Determining Business Requirements
      • Remote Access Paradigms
      • Determining User Needs
        • Different Scenarios
    • Selecting an Appropriate SSL VPN
      • Ensuring Proper Level of Access
      • Proper User Interface and Experience
      • Remote Password Management
      • Adherence to Security Standards
      • Platform
        • Hardware
        • Operating System
        • Network Connectivity
    • Determining which SSL VPN Functions to Use
    • Where to Deploy the SSL VPN server
      • Back Office
        • Pros
        • Cons
      • DMZ
        • Pros
        • Cons
      • Outside the Perimeter Firewall
        • Pros
        • Cons
      • Air Gap
        • Pros
        • Cons
      • Offloaded SSL
        • Pros
        • Cons
    • Planning for Deployment
    • User and Administrator Training
    • Summary
  • Chapter 6: Educating the User
    • Building an Education Plan
      • Education Plan: Start the Process
        • Vision
        • High-Level Training Plan
        • The Agreement
        • The Use Case
      • Education Plan: Finalize the Plan
        • Final Training Plan
        • Include Incident Handling Policies in your Training Plan
        • The Money
        • Creating Educational Materials
        • Reusing the Use Cases
        • Executing the Test Plan
      • Education Plan: Testing and Pilots
        • Unit Tests
        • Process Tests
        • Technical Pilots
        • Production Pilot 1
        • Production Pilot 2
        • Implementation
      • Education Plan: Production
      • Specific Training for SSL VPNs
        • Training the Masses
        • Single Sign On (SSO)
        • SSL Locks and Dialog Boxes: One More Note About Phishing
        • E-Commerce Scenario
    • Summary
  • Chapter 7: Legacy Data Access
    • Computing Elements
    • Applications
      • Commercial Off-The-Shelf (COTS)
      • Custom Programs
      • Legacy Applications
    • The Web Challenge
      • Direct Access
        • Scrape the Screen
        • Awareness
      • SSL VPN with Middleware Access
    • Meeting the Challenge
      • Secure Access
    • Tunneling to the Other Side
      • Tunneling Techniques
      • Lotus Notes Tunnel
        • Tunneling Steps
    • Other Applications
    • Summary
  • Chapter 8: The Future of SSL VPN Technology
    • Standardized Feature Sets
    • Interfaces
      • Third-Party Security System Interfaces
        • Authentication Systems
        • Authorization Systems
        • Endpoint Security Systems
        • Application Firewalling Interfaces
      • Application Interfaces
      • Logging, Reporting, and Management Interfaces
    • SSL VPN Products for Small, Medium, and Large Organizations
    • Application-Specific SSL VPNs
    • Merging with IPSec VPN and Firewall Technology
    • SSL Access Platforms
    • Support for More Diverse Computers
      • Macintosh
      • Linux and Other Variants of UNIX
      • Handheld Devices
    • Improved Performance and Reliability
    • Voice-Over-IP
    • Two "Business Developments"
    • Summary
  • Appendix B: SSL VPN Gateways
    • SSL VPN Offerings
    • AEP Systems
    • Array Networks
    • Aventail
    • Check Point Software Technologies
    • Cisco Systems
    • Citrix Systems
    • EnKoo
    • F5 Networks
    • Juniper Networks
    • NetScaler
    • NetSilica
    • Netilla Networks
    • Nokia
    • Nortel Networks
    • Permeo Technologies
    • PortWise
    • SafeNet
    • Symantec
    • Whale Communications

Joseph Steinberg

Joseph Steinberg is CEO of Green Armor Solutions, an information-systems security product vendor specializing in technology that combats phishing, pharming, and online fraud. Prior to joining Green Armor, he spent more than four years with Whale Communications, one of the pioneers of SSL VPN technology. Earlier, he served in senior-management capacities at several product vendors and consulting firms, and worked in technical positions at Citibank and AT&T.

Mr. Steinberg's May 2003 article 'SSL VPN Security' introduced an awareness of critical security issues created by SSL VPN technology; since its publication, nearly every SSL VPN vendor has acted upon the concerns and recommendations made in the article.

Mr. Steinberg earned an M.S. in Computer Science from NYU, and holds a CISSP (Certified Information Systems Security Professional) credential as well as advanced certifications in IT security management (ISSMP) and architecture (ISSAP). He has lectured on topics related to IT Security and Management and is the author of numerous articles in various journals, magazines, and other publications. A recognized expert on IT security, he is also interviewed on a regular basis by media personalities and sits on panels discussing IT-security related matters.

Mr. Steinberg lives in the suburbs of New York City with his wife and two daughters.

Tim Speed

Tim Speed is an IBM Systems (IBM Senior Certified) Architect with IBM Software Services for Lotus (ISSL). In that capacity, Tim is responsible for designing and implementing technical solutions for our customers. He has been an IBM/Lotus employee for 16 years. He has been working with Notes for over 19 years focusing on messaging, security, and infrastructure. Tim has published a total of 10 books on various topics including Internet Security and Lotus Notes and Domino.

What you will learn from this book

  • How SSL VPN technology works, and how it fits into existing network architectures
  • Evaluating SSL VPN for your organization
  • Understand what to look out for when talking to vendors
  • How to plan an SSL VPN implementation for your business
  • Educate staff to maintain SSL VPN security
  • Strategies for providing access to internal legacy applications via SSL VPN
  • A heads-up on likely trends and possibilities for the future of SSL VPN


In Detail

Virtual Private Networks (VPNs) provide remote workers with secure access to their company network via the internet by encrypting all data sent between the company network and the user's machine (the client). Before SSL VPN this typically required the client machine to have special software installed, or at least be specially configured for the purpose.

Clientless SSL VPNs avoid the need for client machines to be specially configured. Any computer with a Web browser can access SSL VPN systems. This has several benefits:

  • Low admin costs, no remote configuration
  • Users can safely access the company network from any machine, be that a public workstation, a palmtop or mobile phone
  • Bypass ISP restrictions on custom VPNs by using standard technologies

SSL VPN is usually provided by a hardware appliance that forms part of the company network. These appliances act as gateways, providing internal services such as file shares, email servers, and applications in a web-based format encrypted using SSL. Existing players and new entrants, such as Nokia, Netilla, Symantec, Whale Communications, and NetScreen technologies, are rushing out SSL VPN products to meet growing demand.

This book provides a detailed technical and business introduction to SSL VPN. It explains how SSL VPN devices work along with their benefits and pitfalls. As well as covering SSL VPN technologies, the book also looks at how to authenticate and educate users, a vital element in ensuring that the security of remote locations is not compromised. The book also looks at strategies for making legacy applications accessible via the SSL VPN.

This book is a business and technical overview of SSL VPN technology in a highly readable style. It provides a vendor-neutral introduction to SSL VPN technology for system architects, analysts and managers engaged in evaluating and planning an SSL VPN implementation.


Visit the Free Online Edition for SSL VPN to learn more about the book. You can read through a full chapter, "How SSL VPNs Work", and discover what each chapter from this book has in store.


The book blends technically rigorous descriptions with a friendly approach based on practical examples and scenarios. The authors write in clear, informal language and make extensive use of diagrams and images. The book begins with an overview of SSL VPN's purpose, and the technical and business trends that are making it popular today. It then looks at how SSL VPNs work and how they fit into existing network plans. The effect of SSL VPN on the wider business environment is then considered, before looking at how SSL VPN technology is likely to develop in the future.

Who this book is for

This book is aimed at IT network professionals and managers who are currently evaluating SSL VPN technologies. It requires a broad understanding of networking concepts, but does not require specific and detailed technical knowledge of protocols or vendor implementations.
