SSL terms and conditions

By Joel Snyder, Network World, 01/12/2004

The Secure Sockets Layer VPN market brings together many technologies to accomplish the goal of secure remote access. Understanding the strengths and limitations of SSL VPNs means knowing the meaning of four critical terms: proxying, application translation, port forwarding and network extension.

SSL VPN devices all start with at least one function: proxying Web pages. For the SSL VPN system that means connecting to a Web server, downloading a Web page and shipping it back over an SSL connection to the end user's browser. The devil is in the details, but it's pretty easy to understand.

Things get complicated when you start talking about anything other than a Web page. The next step up in complexity involves application translation. A good example of this is how SSL VPN devices treat file servers. The SSL VPN device will talk the native file server protocol, such as Microsoft's CIFS or FTP. But the application protocol is translated by the SSL VPN device from FTP or CIFS on the inside, to HTTP and HTML on the outside so that the end user sees the file server as if it were a Web page, in effect "Webifying" the application.

Application translation works for some things, but not for others. Some applications, such as Microsoft Outlook or instant-messaging tools, have a particular look and feel that is lost during the translation to a Web-based interface. This brings us to port forwarding, a technique that works for well-defined applications. Port forwarding requires a very small application that runs on the end user's system, often a Java or ActiveX tool. The port forwarder listens for connections on a port defined for each application. When packets come in on that port, they are tunneled inside an SSL connection to the SSL VPN device, which unpacks them and forwards them to the real application server. To use the port forwarder, the end user simply points the application he wants to run at his own system rather than the real application server.

Port forwarding is a very effective technique, but it also has some severe limitations. For port forwarding to work, the applications need to be well-behaved and predictable in their network connectivity patterns and needs. Although there are port-forwarding tools written in Java that work across platforms, our experience was that port forwarders tend to be platform-specific.
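The three-hop arrangement the two paragraphs above describe (application on the user's machine, small forwarder on the same machine, SSL VPN device, real server) is shown here as an added, self-contained example; it is not code from the article or from any SSL VPN product. The tunnel leg runs over plain TCP so the demo needs no certificates, where a real product would use the SSL connection the article means, and the one-line header naming the application is a constructed framing, not a vendor's wire format. The design point worth noticing is that the forwarder only names an application; the gateway's own table decides which internal host that maps to, so the client side can never steer a tunnel at an arbitrary internal address. The stand-in application server is an echo service.

```python
import socket
import threading


def _relay(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst so the
    peer sees EOF too while the opposite direction keeps flowing."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass  # reset or closed mid-stream: treat as end of that direction
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _pump(a, b):
    """Relay in both directions between a and b; close both once both finish."""
    threads = [threading.Thread(target=_relay, args=pair, daemon=True)
               for pair in ((a, b), (b, a))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    a.close()
    b.close()


def _listener(on_accept):
    """Loopback listener on an ephemeral port; on_accept runs per connection.
    Binding to 127.0.0.1 matters most for the forwarder: it is meant to be
    reachable only from the user's own machine."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(5)

    def serve():
        while True:
            try:
                conn, _ = lsock.accept()
            except OSError:
                return  # listener was closed
            threading.Thread(target=on_accept, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return lsock


def start_echo_server():
    """Stand-in for the real application server (constructed for the demo)."""
    def echo(conn):
        _relay(conn, conn)
        conn.close()
    return _listener(echo)


def start_gateway(app_table):
    """SSL VPN device side: read the application name the forwarder announces,
    look it up in the gateway's own table, and relay to that server. Unknown
    names are dropped, so the table is the policy for what can be reached."""
    def handle(conn):
        header = b""
        while not header.endswith(b"\n") and len(header) < 64:
            chunk = conn.recv(1)
            if not chunk:
                break
            header += chunk
        target = app_table.get(header.strip().decode("ascii", "replace"))
        if target is None:
            conn.close()
            return
        try:
            upstream = socket.create_connection(target)
        except OSError:
            conn.close()
            return
        _pump(conn, upstream)
    return _listener(handle)


def start_port_forwarder(gateway_addr, app_name):
    """End-user side: the small tool that listens on the user's own machine.
    The user points the application at this port instead of the real server."""
    def handle(app_conn):
        tunnel = socket.create_connection(gateway_addr)
        tunnel.sendall(app_name.encode("ascii") + b"\n")
        _pump(app_conn, tunnel)
    return _listener(handle)


def forward_round_trip(payload, app_name="mail"):
    """Wire up server, gateway and forwarder, push payload through, and return
    what comes back: the payload itself when every hop works, b"" when the
    gateway refuses the application name."""
    echo = start_echo_server()
    gateway = start_gateway({"mail": echo.getsockname()})
    forwarder = start_port_forwarder(gateway.getsockname(), app_name)
    received = b""
    with socket.create_connection(forwarder.getsockname()) as app:
        app.settimeout(5)
        app.sendall(payload)
        app.shutdown(socket.SHUT_WR)
        while True:
            chunk = app.recv(4096)
            if not chunk:
                break
            received += chunk
    for s in (forwarder, gateway, echo):
        s.close()
    return received


if __name__ == "__main__":
    print(forward_round_trip(b"GET INBOX\r\n"))
```

The limitation the article raises falls out of the structure: the forwarder can only carry traffic that arrives on the one port it was told to listen on, so an application that opens extra connections to other ports, or expects the server to connect back to it, never passes through the tunnel at all.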
