We've deployed IPSec for business and SSL VPNs for maintenance/support. Based on my experience, SSLVPN is has the edge over security due to its Secure Workspace feature which does not allow the other party (employee/partner) to save anything on their computer (using whatever tricks). SSL VPN also has the advantage of user friendliness and transparancy, since the requirements are only browser and/or Java/ActiveX.
rgds, Ali HS http://www.linkedin.com/in/alihs On Mon, Jun 16, 2008 at 11:55 PM, Ray <[EMAIL PROTECTED]> wrote: > I have never understood the statement that SSL VPNs are inherently safer. > Would someone please tell me why you think they are? > > I've used Connectra and Juniper Secure Access. In both systems you're simply > limiting what the source can get to based on rules for the destination. It's > nothing more than I can do with SecureClient, and in fact it's less than I > can do. > > Now, if you talking SSL VPN versus Microsoft PPTP or L2TP, then yes, SSL VPN > is safer but only because you've paid for the capability to control where the > endpoint can go and what you can log. "Free" as in "It's included with > Microsoft Server" comes with a high price in terms of manageability. > > The only advantage I can see is that the client software is pushed instead of > pulled IF the end user has admin rights. > > Any enlightenment would be appreciated. > > Ray > >> they only have access to what you allow in your rulebase. >> if you don't trust neither this gateway nor the network behind, perhaps >> it's time to set up >> authentication or migrate to a vpn ssl solution. Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
