September 25, 2006
Cisco WebVPN / SSL VPN / Thin Client /
SSL VPNs are the future of VPN technology. While they are still a brand-new, "bleeding edge" sort of technology, they will eventually be how most organizations run their VPN connections. The concept is simple: HTTPS (SSL-based) web pages have used adequate encryption for years, so why not harness the technology to create a "client-less VPN system," tunneling applications through the SSL connection?
For a user to connect to an SSL VPN, no client installation is necessary. Rather, they simply access a web page, authenticate, and minimize the web browser window. They're now on the corporate VPN.
There's more to it than this (for example, Java client downloads may be necessary for full port forwarding capabilities). Cisco just published an excellent explanation / configuration document for the WebVPN/SSL VPN technology. Get it here.
Posted by JC at September 25, 2006 9:55 AM
Comments
I have been pondering this technology for some time now. Especially now that Cisco has made it even easier in their ASA line.
However, the one thing that keeps me from implementing it is lack of security. Not from authentication, as user security is only as good as you make it. But rather, client security.
I have no control of one of my users getting on the VPN from their old, decrepit, and possibly virus-infected machine. Or worse, an unsecured wireless network, with ip-forwarding enabled on their machine.
Since I cannot control the security policies of their machines, it makes it dangerous.
What do you think?
~~Aaron
Posted by: Aaron Paxson at September 25, 2006 8:20 PM
Heya Jeremy!
You were wondering if "unbenounced" is an actual word. Heh, check this out: http://www.urbandictionary.com/define.php?term=unbenounced
Posted by: Joshua Walton at September 26, 2006 2:20 PM
Aaron -
Good thought; Cisco's already got it covered. They provide a product called "Secure Desktop" that is applied when a client accepts the SSL VPN session. Here's a quick blurb:
The Cisco® WebVPN solution offers a simple and elegant way to create a completely secure and customizable SSL VPN session on any third-party computer without leaving any data behind after the session ends. A key component of Cisco WebVPN is the Cisco Secure Desktop functionality. Cisco Secure Desktop provides a consistent and reliable means of eliminating all traces of sensitive data by providing a single secured location for session activity and removal on the client system. This ensures that cookies, browser history, temporary files, auto-complete passwords, and downloaded content do not remain on a system after a remote user has logged out or an SSL VPN session has timed out. Protection is increased against data theft and client system malware by encrypting all data and files associated with or downloaded during the SSL VPN session.
The full scoop on the client is here.
Posted by: Jeremy at September 26, 2006 10:08 PM
Hello J,
Would it be possible for you to make a forum on your site for people to post topics?
Posted by: Joshua Walton at September 27, 2006 3:12 PM
Joshua -
I'd love to; however, my web coding abilities are lacking to say the least. If I could figure out an easy way to do it, I definitely would!
Posted by: Jeremy at September 27, 2006 6:55 PM
I will be happy to show you how, Jeremy.
Send me an email to jowalton@cisco.com and cc joshwalton@msn.com. I will send you my AIM/Yahoo/MSN information and we can chat about it when the time permits. I'm currently in San Jose attending a CCVP bootcamp and will have time after class.
I run several forum sites, but will not list them here for advertising purposes.
Thanks buddy!!
Posted by: Joshua Walton at September 28, 2006 9:40 PM