Home > Information Security Magazine > Features > Not So Simple
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Not So Simple
by David Strom
Issue: Sep 2006
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >

Are you ready to rid your enterprise of a client-based VPN in favor of simple SSL? Tread carefully. We sort through five SSL VPNs, and uncover which best conquer the many challenges.


Enterprises are being drawn to SSL VPNs by the promise of easier support for roaming users--there's no need to install a thick client that is closely tied to a particular operating system and requires an IT department to touch each endpoint. With nothing more than a Web browser, users can securely connect to internal networks from just about any machine, anywhere.

[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
More information from SearchSecurity.com

Learn how VPNs use encryption to secure data in transit.

Test your knowledge of IPsec and SSL VPNs.

Read why SSL VPN adoption is increasing.


[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]

But reality is quite different. In fact, many corporate IT departments that start down the SSL VPN path because of minimum client requirements discover that the requirements aren't so minimal, especially to support a heterogeneous network. SSL products still require a great deal of administration, configuratio...



n and support, as was evident in Information Security's extensive tests of five leading products.

We tested four hardware solutions--Aventail's ST EX-2500, Cisco Systems' ASA 5540, F5 Networks' FirePass 4100 and Juniper Networks' Secure Access (SA) 6000 SP--and one software product, Check Point Software Technologies' Connectra NGX R61 (Check Point also sells its product as an appliance).

About this review

[IMAGE]


Information Security invited 17 SSL VPN vendors to apply for consideration for testing, and selected the five best responses based on a combination of pre-eminence in the security market and our judgment about features and the ability to support a large, complex network such as Stanford University's network. Nokia declined to apply without giving a reason, Symantec did not submit a product because it is focusing on the UTM market, and SonicWALL passed because of its SMB focus.

We set up a test lab on the Stanford campus, using the university's production network and tapping into resources on its enterprise backbone. Stanford has an older IPSec VPN configuration and was interested in an SSL VPN gateway.

All of the VPN gateways were placed on a separate server network, along with a Windows Server 2003, a Linux server, and an RSA SecurID ACE appliance that was used for two-factor authentication with its key fobs. We also set up an Avocent DSR 1031 KVM switch that allowed us to control all of these servers via a Web browser, and was used to test the ability of each VPN to support complex Web applications.

All of these servers were placed behind a firewall that blocked all access, with the exception of a client coming from one of the VPNs. A separate network contained four client PCs running Windows XP with SP2, Windows 2000, Windows 98 SR2 and Mac OS X v10.4, each with the latest patches and updates applied.

Each Windows client ran both IE v6.0 and Firefox v1.5 browsers. The Mac ran IE v5.2, Firefox v1.5, and Safari v2.0.3. The test lab also connected to a production Microsoft Active Directory server that was also running RADIUS and LDAP services, and an Exchange 2003 server that was configured for IMAP, POP and Outlook Web Access.

--DAVID STROM


[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] Making the Grade [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
Click here for a comprehensive report card on our findings (PDF).
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]

The products were tested in a purpose-built lab on the Stanford University campus in California (See "About This Review," above), with the help of the backbone networking group that runs the main university data center and operates the major network infrastructure on campus. We analyzed and graded their capabilities (See "Making the Grade," at right) for enterprise management and control, client support, applications support, and authentication and access control.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts