847 KB | 3 files | DOC, PDF
Secure Socket Layer (SSL) Virtual Private Networks (VPNs) are a great way to facilitate secure remote access to your network. This guide covers the basics of SSL VPNs and will help you evaluate this technology.
Secure Sockets Layer (SSL) virtual private networks (VPN) provide secure remote access to an organization's resources. A VPN is a virtual network, built on top of existing physical networks, that can provide a secure communications mechanism for data and other information transmitted between two endpoints. Because a VPN can be used over existing networks such as the Internet, it can facilitate the secure transfer of sensitive data across public networks. An SSL VPN consists of one or more VPN devices to which users connect using their Web browsers. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol. This type of VPN may be referred to as either an SSL VPN or a TLS VPN.
This guide uses the term SSL VPN. SSL VPNs provide remote users with access to Web applications and client/server applications, and connectivity to internal networks. Despite the popularity of SSL VPNs, they are not intended to replace Internet Protocol Security (IPsec) VPNs.1 The two VPN technologies are complementary and address separate network architectures and business needs. SSL VPNs offer versatility and ease of use because they use the SSL protocol, which is included with all standard Web browsers, so the client usually does not require configuration by the user. SSL VPNs offer granular control for a range of users on a variety of computers, accessing resources from many locations.
This publication discusses the fundamental technologies and features of SSL VPNs. It describes SSL and how it fits within the context of layered network security. It presents a phased approach to SSL VPN planning and implementation that can help in achieving successful SSL VPN deployments. It also compares the SSL VPN technology with IPsec VPNs and other VPN solutions. This information is particularly valuable for helping organizations to determine how best to deploy SSL VPNs within their specific network environments.
The attached Zip file includes:
The purpose of this document is to help organizations understand the process for vetting the security of mobile applications, plan for the implementation of an app vetting process, develop app security requirements, and understand the types of app vulnerabilities and the testing methods used to detect those vulnerabilities. ... More >>
This guide provides an in-depth look into mobile devices and explains technologies involved and their relationship to forensic procedures. ... More >>
This excerpt from chapter 6 looks at the use of Wi-Fi-enabled mobile medical devices in health care settings. ... More >>