ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Communications

Mobile working Toolkit

Remote working heightens security

Marguerite Reardon CNET News.com

Published: 15 Jan 2004 10:30 GMT

The birth of SSL VPNs does not imply the death of IPsec for remote networking. Most experts agree that the technologies are complementary. NetScreen, which had a strong IPsec VPN and firewall business prior to its acquisition of Neoteris, plans to continue to sell those products separately.

It also looks likely to continue to generate the vast majority of its typical $80m quarterly revenue from IPsec VPN and firewall appliance sales. For their part, Cisco and Nortel each expect to integrate SSL and IPsec technologies onto one VPN device, which would give customers both sets of functionality.

Though SSL virtual private networking offers many benefits, the networking technology is not without its downside. One important element is end-point security.

Because a SSL VPN allows people to enter corporate networks via any Web browser, companies need to make sure that it has strong authentication to verify that its users are authorised. It also needs strong policy management to ensure that people only access applications for which they have approval.

SSL VPNs can also expose companies to malicious code. Because people can use any Web-enabled device for access, viruses from those machines can be transmitted to the corporate network. Unlike IPsec VPNs, SSL VPNs don't connect at the network level.

On the one hand this is good, because a network-based connection could easily allow viruses to pass through the network. But SSL VPNs can also let damaging code in via applications such as email.

"SSL gateways don't provide any sort of filtering," said Dave Kosiur, a senior analyst with the Burton Group. "So if there is a virus attached to an email, it will still end up on the email server."

Some SSL VPN providers are already working on ways to protect customers. For example, Nokia has developed the Nokia Secure Access System. The software, which is loaded on a Nokia appliance, not only authenticates employees, but also exchanges digital certificates with the machine being used and performs a client integrity scan.

This scan checks for vulnerabilities on the device. Basing its response on this scan and the user's profile, it automatically adjusts the customer's privileges.

Aventail, NetScreen and Nortel are also adding security features to their products.

In time, analysts say, every SSL VPN vendor will include some security. Most companies are likely to look for partners in the security market. Aventail recently announced a deal with Fortinet, a supplier of antivirus and firewall products.

"There is no one product in this world that can solve every problem," NetScreen's Matlof said. "It requires all of us in the SSL VPN market to interoperate with other security devices and develop strong relationships with those companies."

Even with vendors beefing up security, buyers will still need to shoulder some of the burden for protecting their own networks.

"For us, security is paramount," Torre said. "We have strong regulations we must follow regarding privacy of medical records. We wouldn't deploy any remote access technology without strong two-tier authentication."