Companies today must be able to balance providing ubiquitous access to their users for maximum productivity while enforcing strict security measures to protect their valuable corporate resources.
In the early 1990s, there were only limited options to extend the availability of the enterprise's network beyond the boundaries of the corporate central site, comprised mainly of extremely costly and inflexible private networks and leased lines. However, as the Internet grew, it spawned the concept of virtual private networks (VPNs) as an alternative. Most of these VPN solutions leveraged free/public long-haul IP transport services and the IPSec protocol. VPNs effectively addressed the requirements for cost-effective, fixed, site-to-site network connectivity; however, for mobile users, they were, in many ways, still too expensive, while for business partners or customers, they were extremely difficult to deploy. It is in this environment that SSL VPNs were introduced, providing remote/mobile users, business partners and customers an easy, secure manner to access corporate resources through the Internet without the need to pre-install a client.
The earlier remote access technology, an IPSec VPN client, has been a weak security link for many corporations because it offers IT administrators little control over infected users entering the network. The IPSec VPN protocol was originally designed to connect one private network to another, on the assumption that both networks are secure and share the same security policies. However, network viruses and worms can propagate rapidly and widely through a geographically extended VPN. This is especially pertinent when users are partners connecting from their office PCs and remote devices which are not a part of a company’s controlled network.
In contrast to IPSec-based methods, SSL VPNs have more sophisticated controls for protecting the network. Unlike IPSec VPNs, SSL VPNs offer control at the user, application, and network level with awareness of the security health status of connecting end nodes. For example, a connecting computer can be scanned to ensure it meets corporate security requirements.
Based on the knowledge of who the user is and which computer he/she is using, the SSL VPN can grant appropriate access rights and audit at a granular level, showing the precise resources accessed. With all these benefits, it is small wonder that SSL VPN technology is being seen as the best means to connect remote users, in addition to partners and customers. SSL VPNs provide connectivity via Secure Sockets Layer, which is part of all standard Web browsers. The power of SSL-based solutions meets the need for scalable remote access deployments, with the ability to provide access to all applications such as client/server applications and access to the complete network, as well as clientless connectivity to telnet/SSH hosted servers, complex Web applications, files, and more. SSL VPNs provide a valid means to deliver “whole enterprise access,” regardless of where the user is coming from and whether they have a dedicated laptop or not. In addition, the Juniper Networks Secure Access appliances with the Secure Meeting Option provide secure, anytime, anywhere, cost-effective online Web conferencing and remote control.
1) Juniper leads the SSL VPN market with a complete range of appliances that meet the needs of companies of all sizes (from small and medium businesses granting access to remote/mobile employees, to large, global enterprises providing extranet portals for their partners and customers, as well as service providers that use SSL VPN as a remote access solution for their own users and/or provide SSL VPN as a managed service offering to their customers).
2) The products use SSL, the security protocol found in all standard Web browsers. SSL eliminates the need to deploy pre-installed client software on desktops, laptops, or mobile devices. In addition, it requires no changes to internal servers, and dramatically reduces maintenance and support costs compared to other remote access solutions such as IPSec.
3) All remote users need is a valid username and password and a web browser. Juniper’s SSL VPN solution not only verifies the user, but also that the device meets enterprise security requirements. If devices are deemed a risk based on predefined corporate policy, user access can be denied or severely restricted.
4) Once both the user and device pass verification, Juniper’s SSL VPN opens up a secure path that keeps communications and data both private and intact, using the strongest encryption methods available today.
5) Juniper SSL/VPN is a cost-effective and reliable solution for businesses looking for a secure backup in the case of a natural disaster such as a snowstorm or a flu pandemic. If workers cannot get to the office, a special licensing option that will meet the spike in remote access demand grants access to stranded employees, making sure they stay connected.
Virtualization is a hot topic these days as a way of reducing costs for companies. SA v6.5 interoperates with Virtual Desktop Infrastructure (VDI) products, including VMware's View Manager and Citrix’s XenDesktop. This integration with VDI products enables administrators to deploy virtual desktops alongside the SA Series SSL VPN Appliances. SA v6.5 delivers a centralized point of configuration for administrators to configure remote access policies for virtual desktop access through leading virtualization products from VMware and Citrix. It also provides users with a VDI client with which to access the virtual desktop and provides flexible client fallback options, simplifying deployment and management for administrators.
Access policy stages: Pre-authentication information, Authentication Policy, Role Mapping, Resource Authorization Policy
Pre-authentication information: Browser Type; Time; Place; Digital Certificate; Endpoint Security (Host Check); Source IP Address; Interface Type; Sign-in URL
Authentication Policy: Permit/Deny Authentication Policy; Establish authentication level; Enforce authentication & password policy. Based on: Cert Attributes; Device Attributes; Network Attributes
Role Mapping: Determine session role(s); Establish session access settings; Establish session UI. Based on: Session Attributes; User Attributes; Device Attributes; Network Attributes
Resource Authorization Policy: Dynamic permit/deny policy; Granular resource controls (URL, file, or server). Based on: Role(s); Session Attributes; User Attributes; Device Attributes; Network Attributes
In 2008, over 7 million new programs were discovered; in 2007, it was over 5 million.*
*Source: 1985-2008 AV-test.org report
40% more effective at blocking, detecting and removing spyware threats than competitors