Ray wrote:
I have never understood the statement that SSL VPNs are inherently safer. Would
someone please tell me why you think they are?
I've used Connectra and Juniper Secure Access. In both systems you're simply
limiting what the source can get to based on rules for the destination. It's
nothing more than I can do with SecureClient, and in fact it's less than I can
do.
A secure client user can disable the security policy you push to his
computer and voila, full network access.
I can't speak for Connectra (for which I can't say I like it), but with
the SA from juniper you can set it up to "talk" to their IDP solution
and if the IDP finds something suspicious on what the user is trying to
do it can signal to the SA to tear down that session which is something
very cool from my point of view.
Now, if you talking SSL VPN versus Microsoft PPTP or L2TP, then yes, SSL VPN is safer but only
because you've paid for the capability to control where the endpoint can go and what you can log.
"Free" as in "It's included with Microsoft Server" comes with a high price in
terms of manageability.
The only advantage I can see is that the client software is pushed instead of
pulled IF the end user has admin rights.
it can work from almost anywhere where you can do HTTPS, which is a big
plus when you're in a hotel or when you're natted behind the same subnet
that you use for your office network (this way you can very easily avoid
ipsec overlap).
Any enlightenment would be appreciated.
hth :)
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
