Recently I have been receiving more and more questions about remote access and security strategy. Remote access is just too inexpensive to do incorrectly. A well-made remote access decision can set the tone for security strategy for years into the future. The functionality offered by different products and vendors makes remote access decisions appear complicated. So yes, one can run remote access through current UTM firewalls and most non-UTM firewalls. The issue is that this is not the granular access control that a dedicated appliance gives an organization. Firewall remote access is simply traditional IPsec access over SSL, and this is not the same as an SSL VPN. The reasons a CIO wants a dedicated SSL VPN, especially a strong product like SonicWall, are:
- Integration with AD (the core of security). If AD/LDAP is the core element of your security strategy, which it ought to be, then a dedicated SSL VPN is necessary.
- An AD-centric security strategy will support cloud deployment initiatives, and an SSL VPN can be deployed as a Step 1 access control method when deploying applications into the cloud.
- Support of RDP, Citrix, VMView, SharePoint, OWA, etc. Not all SSL VPNs are created equal. Review your applications and deployment methods before acquiring a remote access device. Not all SSL VPNs will really get into the weeds as needed if you are a Citrix shop, for example. By the way, Citrix does not have the best SSL VPN product to support their own application delivery platform.
- SSL VPNs give one the broadest access control and functionality options without limiting oneself
- Don’t overload the firewall (even if it is a UTM)
- Bridge business partners into your network for access to applications, databases, or files that they actually need.
- Proxy OWA, SharePoint, and other internal applications
- Great end-point security scanning options if you want to ensure that a laptop is company issued
- Great end-point security options to make sure that the endpoint meets spyware, malware, and AV requirements
- Great integration with two-factor authentication options such as RSA
If you want to see more of the functionality of a dedicated SSL VPN from my favorite product, you can review the download attached to this blog post, made by SonicWall. Check out the text-based two-factor authentication built natively right into the box. It is a neat little feature.