Hybrid Secure Sockets Layer/IP Security

 
 
By H. Peter Felgentreff  |  Posted 2010-04-06
 
 
 
 
 
 
 



The debate over the two kinds of VPN client, Secure Sockets Layer (SSL) and IP Security (IPSec), has been going on for quite some time. There is a clear argument for each in different situations; however, one is not more advantageous than the other. Regardless of a user's access, an enterprise solution should support both SSL and IPSec, because each is used for particular reasons. It is necessary to plan a user's network access around mobility, productivity and policy needs rather than limit these with a biased technology choice.

Under certain scenarios, IPSec is better suited, especially for permanent employees who would like the option to work one-to-one while away from the office. SSL is better suited to external users such as customers and suppliers who need only sporadic network access. Traditional IPSec can be difficult because of established policies such as firewall settings and because it relies on "thick clients." SSL, while "clientless," only allows for simple tasks such as e-mail.

Companies need to rethink their networks with this hybrid model in mind and support both IPSec and SSL, not one or the other. A hybrid of SSL and IPSec VPN tunneling provides employees with secure external communication in each remote access environment, with and without VPN client software. Employees can either be fully integrated in a centrally managed IPSec VPN or connect through a "clientless" company Internet connection.

Network Access Control

Using conventional technologies such as firewalls or intrusion detection is no longer enough to control threats. This is especially true as employees continue to adopt mobility trends. Network Access Control (NAC) features monitor and regulate every single remote access to the company network by identifying each device and checking conformity with the company's security policy.

Security guidelines and parameters are established according to the company's remote access policy. Unknown or suspicious devices (such as devices with expired antivirus software or an unrecognized PDA) are quarantined and excluded from the network if they are deemed non-compliant.

This is an important buffer for organizations, especially for those that have regulatory and compliance rules to which they must adhere. Without NAC, employees whose devices are non-compliant can access the network and infect it. As the number of remote access users increases, this issue may spiral and cause a bigger problem. NAC features make certain that remote access clients comply with the company's security policy.

For example, they make sure that operating systems are acceptable, required patches are installed, most recent antivirus engines are installed, and the most recent signature is available. Without NAC, a device could damage an entire network, costing the company additional money and time. Consider this feature when you reconsider your remote access policies.
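
The posture checks listed above can be sketched as a small policy evaluator. This is an added example, not code from the article or from any NAC product; the policy values, patch IDs, device names and the Posture and evaluate names are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed policy and inventory for illustration only.
POLICY = {
    "min_os": {"windows": (10, 0), "macos": (12, 0)},  # acceptable OS, minimum version
    "required_patches": {"PATCH-EXAMPLE-1", "PATCH-EXAMPLE-2"},  # placeholder IDs
    "min_av_engine": (4, 2),
    "max_signature_age_days": 3,
}
KNOWN_DEVICES = {"laptop-0142", "laptop-0199"}

@dataclass
class Posture:
    """What the remote access client reports about the device."""
    device_id: str
    os_name: str
    os_version: tuple
    patches: frozenset
    av_engine: Optional[tuple]          # None: no antivirus found
    av_signature_date: Optional[date]   # None: no signature reported

def evaluate(p, today, policy=POLICY, known=KNOWN_DEVICES):
    """Return ("allow" or "quarantine", reasons). Missing data fails closed."""
    reasons = []
    if p.device_id not in known:
        reasons.append("unknown device")
    min_os = policy["min_os"].get(p.os_name)
    if min_os is None:
        reasons.append("operating system not acceptable")
    elif p.os_version < min_os:
        reasons.append("operating system version too old")
    missing = policy["required_patches"] - p.patches
    if missing:
        reasons.append("missing patches: " + ", ".join(sorted(missing)))
    if p.av_engine is None or p.av_engine < policy["min_av_engine"]:
        reasons.append("antivirus engine missing or outdated")
    if p.av_signature_date is None:
        reasons.append("antivirus signature missing")
    else:
        age = (today - p.av_signature_date).days
        # A future-dated signature is treated as untrustworthy, not as fresh.
        if age < 0 or age > policy["max_signature_age_days"]:
            reasons.append("antivirus signature out of date")
    return ("quarantine" if reasons else "allow"), reasons
```

Every failed check is collected rather than stopping at the first, so the quarantine decision carries the full list of what the user has to remediate.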

H. Peter Felgentreff is President and CEO of NCP engineering, Inc. Peter has more than 20 years of experience in the enterprise security and software industries. Prior to joining NCP, Peter drove worldwide sales as vice president for Kerio Technologies. He has held similar leadership positions with many prominent security companies including ShieldIP, Zone Labs and Aladdin Knowledge Systems, Inc. He can be reached at peter.felgentreff@ncp-e.com.




 
 
 
 























 
 
 
 
 
 
 
 
 
 
 