- Protecting yourself from a new online scam
- Diary of a deliberately spammed housewife
- Silly Internet traditions: A concise history
- How to avoid laptop loss at the airport
- Top 10 worst uses for Windows
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
With more and more WAN optimization vendors extending their capabilities to include encrypted traffic, corporate IT executives have a decision to make: Should they trust the security these devices provide?
Rather than passing through SSL sessions between clients and servers located in remote data centers, some WAN optimization gear can terminate the SSL sessions, shrink the traffic and re-encrypt it for the next leg of the trip. These chains of encrypted sessions introduce potential vulnerabilities that different vendors address in different ways.
SSL traffic represents a growing percentage of total traffic on WAN links, according to Forrester Research. So SSL support in WAN optimization appliances will become more important to businesses that want to keep traffic secure while minimizing the size of their WAN links.
In a survey last month of 1,300 IT executives by WAN-optimization vendor Blue Coat Systems, one-third of respondents said that 25% of their WAN traffic is SSL. And of those surveyed, 45% plan to roll out more SSL applications this year.
About a third of all WAN traffic at Richardson Partners Financial Ltd. in Toronto is SSL, says Andrew McKinney, director of technical services for the firm. But if only the urgent business traffic is considered, the percentage is much higher. “For critical business traffic, it’s all encrypted,” he says. So he uses Blue Coat Systems gear to secure traffic and optimize it for good performance.
But first he got the devices in and grilled the vendor about the security at each point of the proxy chain until he was satisfied it would keep the firm’s data safe. “Our big concern was that we would have control of what was being cached,” he says. He didn’t want sensitive data left on the disk of the Blue Coat appliance.
“We wanted to be sure the data could be flushed as we required but also that it was securely being stored. In the end we were satisfied,” McKinney says.
So far, just three vendors - Blue Coat, Certeon and Riverbed Technology - offer SSL acceleration on their appliances, and the capability is also on the road map for Juniper Networks and Silver Peak.
Such devices sit at both ends of WAN links and perform a number of functions that serve to speed up transaction times. These include optimizing TCP sessions, enforcing QoS, byte-level pattern matching and protocol optimization.
The Diane's of the industry should be acknowledged for their understanding of why products fail when...- Anon
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comments (2)
SSL AccelerationBy charl6f on November 27, 2007, 1:38 amWe are finding that with the increasing amount of SSL traffic between the host and remote offices, the ability for a WAN Acceleration device to accelerate this traffic...
Reply | Read entire comment
RE: Balance sought for SSL WAN optimizationBy Edward Seth on August 27, 2007, 10:33 pmWell, wouldn't the Certeon System be the most secure?
Reply | Read entire comment
View all comments