IoT Glossary

What is a SSL VPN?

SSL VPN refers to a VPN that uses a software protocol, Secure Sockets Layer. It allows remote users to securely access corporate networks.

What is a SSL VPN?

SSL VPN refers to a virtual private network (VPN) that uses a particular software protocol, Secure Sockets Layer (SSL). For businesses, this type of VPN enables remote users to securely access a corporate network using an ordinary web browser, without having to install specialist applications on each device.

Discover more about VPN SSL technology, its advantages and drawbacks, and learn how it can provide secure connectivity for scattered users.

What is SSL VPN?

A VPN provides a secure connection between user devices and one or more servers, without the need for a physical connection, effectively creating a private communication ‘tunnel’ across the public internet.

In any VPN model, when data packets are transmitted by a device, they are encrypted before they reach the internet service provider (ISP) layer and are subsequently decrypted on the server side. Data packets flowing from the organisation’s server to the device follow the same path, but in reverse.

Data packets flowing from the organisation’s server to the device follow the same path, but in reverse. This encryption/decryption procedure requires an agreed set of rules (i.e. a protocol). ‘SSL VPN’ indicates that the VPN service relies on the SSL (secure sockets layer) protocol for securing communications. In reality, SSL has now been largely replaced by an evolved protocol called Transport Layer Security (TLS). However, VPN models using TLS are still generally referred to as SSL VPN.

What are the different styles of SSL VPN?

There are two categories of SSL VPN:

SSL Portal VPN

With this SSL VPN variant, the ‘portal’ in the title is essentially a gateway to an organisation’s services that are accessed via a website. The user visits the organisation’s VPN website and enters their credentials to set up a secure connection. The user can then access web-based applications and services defined by the organisation.

SSL Tunnel VPN

With this, the ‘tunnel’ is a circuit established between the remote user and the VPN server. It enables the user to access not just web-based materials, but also networks and software that cannot be accessed directly over the internet.

Usage

If users simply need a way of accessing your web-based files, applications and cloud storage, the portal model should meet your needs. If they need to use corporate software or require access to proprietary networks that are not accessible over the internet, the tunnel variant will probably be a better fit.

How does SSL VPN work?

SSL VPNs rely on the TLS protocol to enable devices to securely access corporate networks. This protocol works as follows:

Communication is instigated with a ‘TLS handshake’, in which the device and server open a connection.

  • This TLS handshake also involves the two parties creating randomly generated session encryption keys, which are used to encrypt and decrypt all communications. New keys are generated for each new connection session.
  • The TLS protocol authenticates the device user. A message authentication code is also included with transmissions to ensure data has not been intercepted and layered in transit.
    At the server level, it is possible to build tunnels to specific applications. For businesses, this makes it easier to control user access, by restricting users’ connections only to those applications they have permission to use, rather than the entire corporate network.

What is the difference between IPsec VPN and SSL VPN?

For encryption protocols, IPsec (Internet Protocol Security) is the main alternative to SSL. This VPN method dates back to the 1990s and remains widely used.

IPsec operates at the network layer. In practical terms, this usually means that devices require the installation of dedicated hardware and software to connect to the network.

By contrast, SSL (and TLS) operate at the transport layer. An SSL VPN connection can be instigated through the user’s web browser without the need for any special software or hardware add-ons. All the main web browsers (e.g. Chrome, Firefox and Safari) come with SSL support.

In IoT networks, IPsec VPN is commonly used to secure the persistent data connections between the Enterprise network and the mobile service provider networks. An SSL VPN is often used to provide a secure communication link for administrators to remotely access the mobile service provider infrastructure for configuration or maintenance type work on an ad-hoc basis.

What are the advantages and disadvantages of SSL VPN?

Advantages

Deployment

IPsec VPNs usually require the installation of dedicated software on user devices. Especially for a large, scattered user-base, this can be complicated and expensive to set up. With SSL, users only need a web browser. Where a business wants to deploy a virtual network rapidly, without the need for additional installations, SSL VPNs are a very attractive option.

Ease of use

Once the network is deployed, a top priority for many businesses is to enable ongoing, secure connectivity for users, without having to field lots of technical queries. With SSL, there’s no need for ordinary users to worry about proprietary software configurations or updates. So long as they have an up-to-date browser in use, they are good to go.

Access control

IPsec is primarily designed to provide remote users with secure, comprehensive access to a network. A user can access not just file directories and programs but also things like printers and backups, as if they were in the office — IPsec is a good option if you want to create a ‘mirror’ office environment for remote workers.

However, with SSL VPN, it’s much easier to create tunnels to specific applications. This gives you fine-grained control over individual network access on a ‘need to know’ basis.

Disadvantages

Browser requirement

In order to implement an SSL VPN, devices require a web browser. For businesses, it’s a viable VPN option for items such as laptops, mobile phones, tablets and items such as user-operated control units, trackers and some point-of-sale equipment. However, for sensors, monitors, wearables and other IoT devices that do not have web browsing capabilities, its usage isn’t possible.

Security

SSL VPN enables ‘split tunnelling’, which lets a user’s device route some of their traffic through an encrypted tunnel, while still retaining direct access to the public internet. This means users get encrypted access to sensitive corporate materials, while still enabling them to use general internet resources without a drop-off in speed and performance.

The flipside is that split tunnelling can enable hackers to use the unsecured channel as an intermediary in an attack. More widely, compared to the IPsec model, an SSL network can be more susceptible to malware attacks. It’s important for users to ensure their browsers are updated to help reduce the risk of such attacks.

What are the uses of SSL VPN?

SSL VPNs are useful for providing remote users with access to defined parts of your corporate network. If a user needs access to all areas (e.g. senior team members), then an IPSec VPN might be a better fit.

However, the beauty of SSL is that it’s much easier to control which applications and programs users have access to. Therefore, it is a good option for providing remote access to junior or temporary workers, project partners, contractors, as well as customers.

Why is an SSL VPN important?

With the continued growth of remote and ‘blended’ working arrangements (where teams split their time between home and office), businesses need simple yet secure ways for individuals to access corporate assets, wherever they may be based.

The SSL VPN model can make it easier for individuals to make that connection, while also giving you full control over permissions and data access.

Find out more

For an expert assessment of your connectivity needs and to discover the best fit M2M options for your business, speak to Wireless Logic today.

For more information about a wide range of IoT connectivity options, explore our glossary.

Wireless Logic

[contact-form-7 id="fd7df5e" title="WP - Gated Content - New one for Jen"]

[contact-form-7 id="20126" title="Generic Sales Contact V2"]

[contact-form-7 id="19345" title="Trial Request"]