IPSec vs SSL
Tyler Durden
camera_lumina at hotmail.com
Tue Aug 5 09:38:38 PDT 2003
Continued proliferation of commercialized technologies. I also saw an ad in
Business Week for a BlackBerry-enabled Palm Phone. Mobile security and
"Triple DES" were explicitly mentioned.
No doubt 'permissionless' approaches occasionally yield useful fruit, but the
IP-->VC$$$-->Startup route is at least as important.
-TD
AUGUST 04, 2003
SSL Players Get Feature-Happy
--------------------------------------------------------------------------------
Aventail Corp. and Neoteris Inc. are upgrading security gear to keep pace
with virtual private networking (VPN) rivals that have focused on IPSec
technology.
Today, the companies made separate announcements regarding new features to
their clientless Secure Socket Layer (SSL) VPN solutions (see Neoteris
Expands SSL Access and Aventail Upgrades VPN Kit). In an effort to build
products that can eventually replace IPSec VPNs, they've each added broader
application support, a key issue for SSL VPNs.
The move is important because SSL gear risks becoming somewhat generic; more
features will be needed to keep pace with technologies such as IPSec.
"For Aventail and Neoteris to succeed they need to become a full replacement
for IPsec," says Michael Suby, senior research analyst with Stratecast
Partners. "They've got to prove that SSL holds more value, is just as
secure, costs less, and is easier to manage than IPSec."
IT managers today have two choices when it comes to secure remote access.
They can deploy IPSec clients on individual laptops, desktops, and mobile
devices, or they can use an SSL solution, which utilizes encryption
capabilities built into browsers and does not require a client-side software
installation other than the browser.
Each solution has its pros and cons. It's a tradeoff between the simplicity
of SSL VPNs and the security of IPSec VPNs. Emerging SSL VPN technologies
generally deliver secure access to more places at a lower total cost of
ownership, because they include less administrative overhead. But these
benefits typically come at the cost of important features already available
in IPSec solutions, like strong desktop security and broad application
support. As a result, most companies use a combination of the technologies,
depending on the application.
Some IPSec vendors are starting to add SSL technology. To combat this trend,
Aventail and Neoteris are taking SSL VPNs to the next level with enhanced
support for additional applications.
Neoteris has added a new product it calls Network Connect. Instead of
creating a secure tunnel for a particular application, Network Connect
creates a tunnel for a network connection. Just like an IPSec network
tunnel, this allows users access to the entire network, including complex
applications like streaming media and voice over IP. But unlike IPSec, the
company asserts that a full-fledged client is not required on end-users'
devices, making it easier to manage and deploy.
The company also announced that it has developed application programming
interfaces for integration with security products from other companies like
InfoExpress, Network Associates Inc. (NYSE: NET), Sygate
Technologies Inc., and Zone Labs. And it has fully integrated features from
Network Associates and Fortinet Inc. to provide anti-virus support on its
appliances.
Aventail has also added new capabilities to its OnDemand 3.0 product that
will expand the type of applications it can support. For example, it will
now support dynamic traffic redirection, which allows it to identify and
secure traffic by domain, IP range, or subnet. This eliminates the need for
making unnecessary changes to IT infrastructure like the domain name
servers, desktops, or applications. OnDemand 3.0 also now includes support
for dynamic port assignments. This allows it to support applications that
use a complex, changing range of ports, like those from SAP AG
(NYSE/Frankfurt: SAP) and Siebel Systems Inc. (Nasdaq: SEBL).
But the competition from incumbent equipment providers is heating up. Nortel
Networks Corp. (NYSE/Toronto: NT), which also sells an IPSec
solution in its Contivity product line, has continued to add new SSL VPN
features to its Alteon Web switch (see Nortel Expands Security Portfolio).
Nokia Corp. (NYSE: NOK), a leader in mobile/wireless
devices, announced SSL VPN support this summer (see Nokia Sweetens SSL).
Cisco Systems Inc. (Nasdaq: CSCO) is also expected to make
an SSL announcement soon. NetScreen Technologies Inc. (Nasdaq: NSCN)
is supposedly shopping for a startup to buy (see NetScreen
SSL Move Likely). And Check Point Software Technologies Ltd. (Nasdaq: CHKP)
is likely to evolve its current SSL solution.
"When you have Cisco, Check Point, Nokia, and Nortel all with something in
this market and all with channel distributors, it's tough competition for a
small private company," says Stratecast's Suby. "You can be a niche player
for SSL, but these small private companies are going to have to tie their
wagons to a large IPSec vendor or some other kind of vendor."
Consolidation has already started happening. F5 Networks Inc. (Nasdaq: FFIV),
a load balancing appliance vendor, announced two weeks ago
that it was acquiring SSL startup uRoam (see F5 Buys Into SSL VPNs).
There is still a long list of SSL VPN suppliers out there including:
Array Networks Inc.,
Aspelle Ltd.,
Netilla Networks Inc.,
NetScaler Inc.,
SafeWeb Inc., and
Whale Communications Ltd.
Marguerite Reardon, Senior Editor, Light Reading
More information about the cypherpunks-legacy
mailing list