
	Home > Ask the Security Experts > Network Security Questions & Answers > What are the benefits of a tunnelless VPN?

Ask The Security Expert: Questions & Answers

EMAIL THIS

What are the benefits of a tunnelless VPN?

EXPERT RESPONSE FROM: Mike Chapple, featured expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 14 January 2007
Does it matter if a VPN is "tunnel-less?" How does a tunnelless VPN work, and are there any security risks?

BROWSE BY TAG

Network Security, SSL and TLS VPN Security, Secure VPN Setup and Configuration, Enterprise Network Security, IPsec VPN Security, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Network Security
	Should enterprises be running multiple firewalls?
	What are best practices for fiber optic cable security?
	What is the difference between a VPN and remote control?
	What are the disadvantages of proxy-based firewalls?
	What are the best practices for IPS implementation?
	How to prevent DDoS attacks on websites
	How to configure firewall ports for webmail system implementation
	Can S/MIME, XML and IPsec operate in one protocol layer?
	How should service providers address VoIP security issues and threats?
	How to set up a corporate cell phone management strategy

SSL and TLS VPN Security

Creating an SSL connection between servers

Can S/MIME, XML and IPsec operate in one protocol layer?

Can secure USB devices prevent man-in-the middle attacks

How to secure SSL following new man-in-the-middle SSL attacks

SSLstrip hacking tool bypasses SSL to trick users, steal passwords

What firewall controls should be placed on the VPN?

What firewall features will best protect a LAN from Internet hack attacks and malware?

IBM USB banking device stops keyloggers, malware

Debian: A niche OS with a not-so-niche security flaw

Google Chrome unlikely to attract security-minded users

IPsec VPN Security

What is the difference between a VPN and remote control?

Can S/MIME, XML and IPsec operate in one protocol layer?

How to create a secure network through a shared Internet connection

What firewall controls should be placed on the VPN?

VoIP tools, attacks could increase threat

Best practices for processing financial data through remote servers

What ports should be opened and closed when IPsec filters are used?

DMVPN configuration: Should a firewall be between router and Internet?

How would you meet PCI requirement 2.3 when it comes to terminal service or RDP sessions?

How should the ipseccmd.exe tool be used in Windows Vista?

IPsec VPN Security Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Secure Shell (SearchSecurity.com)

Secure Sockets Layer (SearchSecurity.com)

server accelerator card (SearchSecurity.com)

SSL VPN (SearchSecurity.com)

Transport Layer Security (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

There are two main technologies used to implement tunnelless VPNs: Secure Sockets Layer (SSL) and Group Encrypted Transport (GET).

Of the two technologies, you're more likely to encounter SSL-based VPNs on today's networks, only because GET is a relatively new technology. SSL-based VPNs offer remote users secure access to internal applications without the use of an IPsec VPN client. SSL VPNs are most commonly used to share Web applications. In this case, users connect to the SSL VPN, authenticate and then gain access to selected applications though the VPN server, which acts as a proxy. Generally, this setup is more secure than that of an IPsec VPN, as it allows you to strictly control a user's access without granting direct contact to the underlying network. Many SSL VPNs also offer the download of a browser-based client that allows more extensive access to the protected network, including the use of client/server applications. In this case, the security risks are the same as an IPsec-based VPN.

Group Encrypted Transport (GET) is a relatively new technology that's proprietary to Cisco Systems Inc. Networks running GET encrypt the payload portion of a packet only, allowing the address information to remain unencrypted. This provides enhanced networking functionality, permitting the use of quality of service (QoS) to prioritize encrypted traffic. However, GET also exposes VPN users to the risk of traffic analysis, as eavesdroppers may be able to determine their usage patterns from the unencrypted portion of the packet. For more details on GET, you may wish to read more about the recent debut of Cisco's tunnelless GET VPN technology on our sister site, SearchNetworkingChannel.com.

More information:

Learn the difference between IPsec and other tunneling protocols.

Use an SSL VPN to limit users' acess to applications and network resources.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy