GCN, 07/23/07 issue
Secure that line!
Sidebar | SSL VPN: The key to local security, too?
By Greg Crowe
Secure Sockets Layer virtual private networks are rapidly becoming the most widely used method for remote access to a network. Encapsulated, encrypted packets sent via the Internet are the most effective means for an external client to securely communicate with a network. But what about the local user?

The established method for local users involves logging in to a computer on the subnet and comparing the user name/password combination to a list of users. The method is universal, and it has done pretty well by us all so far. But increased use of wireless networking and the persistence and skill of potential hackers have made it necessary to start rethinking this strategy.

Network Access Control (NAC) is a security solution that controls which network resources and applications authenticated users can access based on their identity, the computer they are using and how that computer connects to the network. This level of access can even change during a connection, depending on the behavior of the connecting computer.

All you administrators are probably thinking this sounds too good to be true. Well, in a sense, it is for now. Many companies offer solutions under the NAC label with widely varied capabilities, so it is easy to get an NAC product that is not optimal for your needs.

An SSL VPN is essentially an NAC solution for remote users, and many experts recognize it as such. Although the network does not regulate the connecting computer's behavior, administrators can restrict access to network applications or resources using the VPN permission settings. That's why many believe the technologies and processes used by an SSL VPN can easily be turned into an NAC for all users, whether in the office or on the road. That would put organizations that currently employ an SSL VPN one step ahead on the road to NAC.

The future is difficult to divine, of course, but the transition from SSL VPNs to total NAC seems to be a logical step. Perhaps as early as next year, we will be looking at SSL VPN-type devices to protect local networks instead of just remote connections. Officials at more than one company in this review suspect that this could be the future, so we thought it would be worth mentioning. You wouldn't want to be left out in the cold when the winds of change start blowing, and a secure network means a local NAC appliance.
