SSL VPNs and Other Miscellaneous Bits & Pieces

Maintained by Tina Bird

Last modified: 28-Apr-2003 14:00


tbird's overview of the SSL VPN market (5 Feb 2003) I looked at Neoteris, Aventail & Alteon. My basic conclusion is that these products are useful in a limited sense -- if you need to secure Web based applications -- but that in many ways the vendors haven't "finished" their job. Unlike other TCP-based products (V/TCPSecure & AltaVista Tunnel), the SSL-based VPNs do not provide full client-to-network connectivity from a remote machine into the private environment. And these products do not address the significant risks to confidential information in the remote environment, nor do they protect against "piggy back" attacks from the remote system into the private network. All in all, probably not ready for prime time.

Response from Bennett Todd (6 Feb 2003)

Response from Keith (6 Feb 2003)

Response from Paul Cardon (6 Feb 2003)

Response from Richard Ginski (7 Feb 2003)

Response from Paul Cardon (7 Feb 2003)

Response from Marc VanHeyningen of Aventail (8 Feb 2003)

Response from shannong (8 Feb 2003)

A positive spin on the market: Simplifying virtual private networks (VPNs) by using the browser-based Secure Socket Layer (SSL) will instigate a fundamental change in the use of VPNs in enterprises, according to research from The Tolly Group. The research, co-sponsored by indirect-selling SSL security appliance vendor Netilla, found that 75 per cent of network managers believe enterprises will choose SSL VPNs when workers access the network externally, and expect the transformation to occur within two years (donated by Beth Friedman of Counterpane).


Crypto IP Encapsulation A "lightweight" protocol for encapsulating and encrypting IP traffic; not as flexible as IPSec, but good for LAN-to-LAN connections over the Internet.

Kaboodle A freeware "personal VPN" application -- launched in December 2002, still working on that whole documentation issue.

X-Bone, a Perl package used for automated VPN deployment, including IPsec management.

RADIUS Information about the Remote Access Dial In User Service, a commonly-implemented protocol for user authentication.

TACACS Frequently Asked Questions about the Terminal Access Controller Access Control protocol (who makes up these acronyms?), another public domain user authentication protocol.

Configuring SKIP on Conclave

Zebedee - a simple stand-alone program that enables encrypted, compressed TCP and UDP connections between two systems. Host-to-host tunneling; less fully featured than (for instance) SSH, but extremely easy to implement.

If you're using a Conclave Access Filter VPN server, be sure to configure your firewall to allow the following types of traffic between VPN clients and servers: