Privacy and security are critical aspects of any enterprise network as we move into 2006. Today's security solutions consist of firewalls, virtual private network gateways, intrusion detection sensors (IDS) and proactive queries of operating systems to ensure that the client's virus and worm protections are up to date. Any and all of these technologies can be part of an overall security architecture. Encryption of data as it traverses WLAN networks and the public Internet is driving a tremendous amount of development in the VPN gateway market.
Traditional encryption-based VPNs utilized IPsec as the technology of choice for building tunnels across the Internet and within the enterprise. However, Secure Sockets Layer (SSL) gateways are becoming more commonplace as the numbers of vendors, platforms and features/functionality expand.
With the advent of Web-based applications, the explosion of SSL to support Web-based security is not as surprising as it would seem. SSL has been around for quite some time, but has gained traction in the marketplace only in the last two years.
The expansion of SSL has led to VPN products offering multiple features and functionality to the enterprise. VPN gateways can now be grouped into four categories based on the feature set each supports:
- SSL VPN gateway: SSL VPN, access control, access policy and client-audit capabilities
- Hybrid VPN gateway: SSL, IPsec and access policy
- Multi-function VPN gateway: SSL, IPsec and application and network-level security
- Multi-function hybrid VPN gateway: Combination of the hybrid and multi-function VPN gateway feature sets
Each of these classes of VPN gateways offers different levels of capabilities and control. Based on your enterprise-specific needs, one of these should provide the level of security you require.
The explosion of Web-based applications has created a requirement for SSL as a VPN technology to support secure data transfers across public or unprotected networks. The vendor community has responded by developing application-aware VPN gateways capable of supporting access control, security policies and network security within the VPN gateway itself. This supports secure access into the enterprise via a "gateway" technology that serves as a single threshold between protected assets and unwanted users or viruses.
Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has over ten years of experience providing strategic, business and technical consulting services. Robbie resides in Atlanta, and is a graduate of Clemson University. His background includes positions as a Principal Architect at International Network Services, Lucent, Frontway and Callisma.