Advantages and Disadvantages of SSL

91 0 3 2

Advantages:

l  The client software does not need to be installed. In most cases, remote access based on the SSL protocol does not require the installation of software on the remote client device. Users only need to connect to the Internet through a standard web browser. That is, users can access the network resources of the enterprise headquarters through the web page. In this way, a large amount of costs can be saved from the purchase of software protocols, maintenance and management costs, especially for large and medium-sized enterprises and network service providers.

l  Applicable to most devices: The open system based on Web access can access any device through the browser, including non-traditional devices, such as mobile phones and tablet computers.

l  Suitable for most operating systems: Most operating systems that can run standard Internet browsers can be used for Web-based remote access, such as Windows, Macintosh, UNIX, and Linux. Users can full access intranet and Web sites and can easily obtain resources based on enterprise internal websites and apply them.

l  Supports network drive access: Users can access resources on the network drive through SSL VPN communication.

l  Good security: Web access based on SSL is not a real node of the network, just like the IPSec security protocol. In addition, users can access internal resources of the company through the web proxy. Therefore, this method can be very secure, especially for external users.

l  Strong resource control capability: Web-based proxy access allows the company to perform detailed resource access control for remote access users.

l  The firewall and proxy server can be bypassed: Users can use SSL to bypass firewalls and proxy servers to access corporate resources, which is difficult or impossible for remote access based on the IPSec protocol.

Disadvantages:

l  Limited support for new or complex web technologies: The SSL-based VPN solution relies on the anti-proxy technology to access the corporate network. Because remote users access the corporate network from the public Internet, the internal network information of the company is usually not only behind the firewall, but also usually in the space without the IP address routing table of the intranet. The work of anti-agency is to translate the requirements of remote user Web browsers, often using common URL address rewriting methods. For example, an internal Web site may use an internal DNS server address to link to other intranet links, and URL address rewriting must read the above link information correctly and rewrite these URLs so that these links can be routed through the anti-proxy technology, and when necessary, remote users can easily access the company's internal network by clicking on the route. It is extremely important for the URL address rewriter to fully understand the structure of the web page that is being transmitted. Only in this way can you correctly display the rewritten page and perform the correct operation on the remote user computer browser.

l  Limited support for Windows applications or other non-Web systems: Because most SSL-based VPNs work based on web browsers, remote users cannot perform non-web-based applications on Windows, UNIX, Linux, AS400, or large systems. Although some SSL providers have begun to merge terminal services to provide these non-Web applications, however, SSL VPN has not yet fully supported them.

l  Only limited security assurance is provided for access resources. When the SSL protocol is used for VPN communication through the Web browser, the external environment of the user is not completely secure. Because the SSL VPN encrypts only one application channel of the communication parties, instead of encrypting the entire channel between the hosts of the communication parties. During communication, it is difficult to ensure that other files are not exposed to external systems, which poses security risks.


  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login