SSL (Secure Sockets Layer) VPNs

Originally developed by Netscape as a way of ensuring the security of e-commerce transactions, SSL has become a low-cost alternative to IPSec-based virtual private networks.

Browser-based SSL alternatives require little or no software on remote PCs, and in most cases any PC with a browser can be used to make the secure connection, as long as the user can authenticate to a central server. And SSL firewall ports that the traffic uses are generally left open, so firewall reconfiguring is usually unnecessary. The idea is that SSL's simplicity translates into an easier installation and long-term cost savings because of simpler ongoing support. This contrasts with IPSec-based VPNs, which require a dedicated IPSec client on each remote machine.

The SSL standard is not a single protocol, but rather a set of accepted data transfer routines that are designed to protect the integrity of transmitted messages.

SSL relies on certificates - digital identification cards - and keys. Certificates include the name of the certificate authority that issued the certificate, the name of the entity to which the certificate was issued, the entity's public key, and time stamps that indicate the certificate's expiration date.

Two types of keys are used as ciphers to encrypt and decrypt data. Private keys are issued to entities and are never given out. Public keys are given out freely. Both keys are necessary for authentication routines. Data encrypted with the public key cannot be decrypted with the same key: The private key must be used.

Additional resources

SSL tutorial

SSL VPN Buyer's Guide
Detailed SSL product and technology information.

Network World Security Research Center.