Questions to ask when considering SSL remote access

Whenever you buy technology that is new to you there can be surprises, and Secure Sockets Layer remote access technology is no exception.

It’s easy to get the concept of what it does – enabling secure remote access over the Internet using a standard Web browser as the client software for the remote machine – but there are hosts of subtleties that you might not think to ask about.

One vendor of such gear, NetScaler, has published a list of possible factors you might not otherwise think to ask about when considering SSL remote access technology. I’ve included the list below and have added a few considerations of my own. If you have others based on your own experiences, please send them to me (tgreene@nww.com) so you can share them with others.

* Does the SSL termination device limit the number of instances of a particular application that remote users can access? If so, it could cause bottlenecks.

* Can it handle applications that pick TCP ports randomly? If not, this may limit the applications that can be accessed.

* What are the limits to the types of applications the remote machine can reach with only the SSL capabilities of the browser and no other client software?

* Is traffic between the SSL remote-access gateway and application servers encrypted?

* Does the gateway decrypt traffic and screen it for attacks?

* Does the gateway alter the configuration of the remote browser to initiate an SSL remote access session?

* Does the SSL system cleanse the client machine of any files or other secure data that may be downloaded to the machine during a remote access session?

* Is there associated management software to audit access to servers?

* Can the system check the security configuration of the remote machine?

* How strong are the authentication options it offers?

That’s 10. Please send more.