SSL VPN Fundamentals
SSL VPN Introduction
Technology Overview
SSL VPN Mode
Clientless
Thin Client
- Designed for non-web-based applications that use static TCP ports
- Uses a thin client for supported protocols (such as Telnet, SSH, RDP, VNC)
- Uses Java applets/ActiveX plugins, so clients must have Java installed on their PC
- Popup blockers can also cause problems
- Arbitrary ports can be supported through the use of smart forwarding
Thick Client
- Requires installation of software on the PC
- Not suitable for non-managed devices
- Requires Java/ActiveX to be installed in order to install the client
- Provides all functionality as if the user were on the LAN (assuming the traffic is permitted over the VPN)
- Policies can be managed centrally
SSL VPN Connection Process
1. The client initiates a connection to the server and requests a secure session.
2. The client sends the list of encryption/integrity algorithms (cipher suites) it supports.
3. The TLS server replies with a cipher suite (cipher and hash function) that it also supports.
4. The server also sends its identity in the form of a digital certificate, which should be issued by a CA the client trusts. The server's public encryption key is included in the certificate.
5. The client confirms the validity of the certificate and generates a session key.
6. The client encrypts the session key with the server's public key and sends it to the server.
7. The server decrypts the session key and the encrypted session begins.
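The seven steps above, walked through as an added example (not code from the original page, and not how any real TLS library is implemented): both sides' messages are modelled in plain Python, cipher-suite negotiation and the client's certificate checks are explicit, and the session key is transported under the server's RSA public key as the notes describe. The RSA key pair, the trust store, the certificate and the cipher-suite lists are all constructed, deliberately small values so the arithmetic is visible; the failure modes a client must handle (no common cipher suite, untrusted issuer, hostname mismatch, expired certificate) abort the handshake instead of continuing.

```python
"""Toy walk-through of the SSL/TLS handshake steps listed in the notes.

Everything here is constructed for illustration: the RSA modulus is ~40 bits
(real TLS uses 2048-bit keys) and textbook RSA without padding is used so the
key transport is readable. TLS 1.3 no longer transports the session key under
the server's public key at all; this mirrors the RSA key-exchange flow the
notes describe.
"""
import hashlib
import hmac
import secrets

# --- constructed toy RSA key pair (small primes, assumption for readability) ---
P, Q = 1_000_003, 1_000_033          # two small primes
N = P * Q                            # public modulus (~1e12, above 2^32)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (server secret)

TRUSTED_CAS = {"Example Root CA"}    # the client's trust store (constructed)

SERVER_CERT = {                      # stand-in for the server's X.509 certificate
    "subject": "vpn.example.test",
    "issuer": "Example Root CA",
    "public_key": (N, E),
    "not_after": 2_000_000_000,      # unix time, constructed
}

# Server's supported suites in its own preference order (real suite names,
# both RSA key transport, matching the flow in the notes).
SERVER_SUITES = ["TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256"]


def negotiate_suite(client_offered, server_supported):
    """Steps 2-3: the server picks the first suite in its own preference order
    that the client also offered. None means the handshake must abort."""
    for suite in server_supported:
        if suite in client_offered:
            return suite
    return None


def validate_certificate(cert, hostname, trust_store, now):
    """Step 5: the checks a client performs before trusting the public key.
    Returns a list of problems; an empty list means the certificate is accepted."""
    problems = []
    if cert["issuer"] not in trust_store:
        problems.append("issuer not in client trust store")
    if cert["subject"] != hostname:
        problems.append("subject does not match requested hostname")
    if now > cert["not_after"]:
        problems.append("certificate expired")
    return problems


def rsa_encrypt(message_int, public_key):
    """Textbook RSA (no padding, toy only): c = m^e mod n."""
    n, e = public_key
    if not 0 <= message_int < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message_int, e, n)


def rsa_decrypt(cipher_int, private_key):
    """Textbook RSA: m = c^d mod n."""
    n, d = private_key
    return pow(cipher_int, d, n)


def derive_record_key(session_secret):
    """Both sides expand the shared secret into the key used for the session."""
    return hashlib.sha256(b"toy key expansion" + session_secret).digest()


def handshake(client_offered, hostname, now, trust_store=TRUSTED_CAS):
    """Run steps 1-7 and return a transcript dict describing the outcome."""
    transcript = {"ok": False}
    # Steps 1-3: ClientHello carries the offered suites, ServerHello the choice.
    suite = negotiate_suite(client_offered, SERVER_SUITES)
    transcript["suite"] = suite
    if suite is None:
        transcript["error"] = "no common cipher suite"
        return transcript
    # Step 4: the server presents its certificate (public key inside).
    cert = SERVER_CERT
    # Step 5: the client validates it and, only then, generates a session key.
    problems = validate_certificate(cert, hostname, trust_store, now)
    if problems:
        transcript["error"] = "; ".join(problems)
        return transcript
    session_secret = secrets.token_bytes(4)      # 32-bit toy secret, fits under N
    # Step 6: the client encrypts the secret under the server's public key.
    encrypted = rsa_encrypt(int.from_bytes(session_secret, "big"), cert["public_key"])
    # Step 7: the server decrypts with its private key; both sides now share it.
    recovered = rsa_decrypt(encrypted, (N, D)).to_bytes(4, "big")
    client_key = derive_record_key(session_secret)
    server_key = derive_record_key(recovered)
    # First protected record: client authenticates a request, server verifies it.
    request = b"GET /vpn/portal"
    client_tag = hmac.new(client_key, request, hashlib.sha256).digest()
    server_tag = hmac.new(server_key, request, hashlib.sha256).digest()
    transcript["record_authenticated"] = hmac.compare_digest(client_tag, server_tag)
    transcript["ok"] = transcript["record_authenticated"]
    return transcript


if __name__ == "__main__":
    print(handshake(["TLS_RSA_WITH_AES_128_CBC_SHA256"], "vpn.example.test", 1_700_000_000))
    print(handshake(["TLS_RSA_WITH_AES_128_CBC_SHA256"], "vpn.example.test", 1_700_000_000, set()))
```

The ordering in step 5 is the security-relevant detail: the client generates and encrypts the session key only after the certificate passes every check, so a server whose certificate is not chained to a trusted CA, or does not name the host the user asked for, never receives anything it could decrypt.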