What is an SSL VPN?
A virtual private network (VPN) is a service that allows a user to establish a secure, encrypted connection over the public internet to a corporate or institutional network.
A secure sockets layer VPN (SSL VPN) enables individual users to access an organization's network, client-server applications, and internal network utilities and directories without the need for specialized software. SSL VPNs provide safe, secure communication via an encrypted connection for all types of devices, regardless of whether access to the network is via the public internet or another secure network.
All traffic between a web browser and an SSL VPN device is encrypted with either the SSL or transport layer security (TLS) protocol. Individual users of the SSL VPN do not have to decide which protocol to use for the VPN to do its job. Instead, the SSL VPN automatically uses the newest, most up-to-date cryptographic protocol that has been installed on the user's browser. Users do not need to worry about updating the protocol on their browser either. Whenever a browser or an operating system (OS) is updated, the protocol is updated to its newest version along with it.
Types of SSL VPN
Let us have a look at the two major types of SSL VPNs.
SSL Portal VPN
In this type of SSL VPN, a user visits a website and enters credentials to initiate a secure connection. The SSL portal VPN allows for a single SSL connection to a website. Additionally, the user can access a variety of specific applications or private network services as defined by the organization.
Users can typically reach the gateway (the hardware on a network that allows data to flow from one network to another) using any modern web browser, by entering the username and password provided by the VPN gateway service.
SSL Tunnel VPN
If an SSL tunnel VPN is preferred by an organization, the IT team will have to explain to employees what downloads or additional applications are needed for the system to work properly.
SSL VPN vs. IPsec VPN
For many years, VPNs relied on a technology known as Internet Protocol security (IPsec) to tunnel between two endpoints. A heavyweight technology, IPsec uses a combination of both hardware and software to mimic the qualities of a computer terminal connected to an organization's local-area network (LAN), allowing access to anything that an internal computer could.
This is because IPsec works on the network layer of the Open Systems Interconnection (OSI) model and must be managed physically by network engineers rather than via software. Most IPsec VPN solutions require the installation of both special hardware and software for a user to gain access to the network.
The main benefit of this setup is the extra layers of security. When the network is protected not only by software but also by hardware, it is more difficult for cyber criminals to infiltrate the network and steal critical data.
Conversely, the downside of IPsec VPNs is that it can be expensive and cumbersome to buy, install, and maintain the licenses for both the hardware and software systems needed. In today's work-from-home environments, this type of setup would require shipping IPsec VPN hardware to each employee and instructing each on how to download the software and manage its usage, maintenance, and updating moving forward, which places a high level of responsibility and stress on the organization.
By contrast, SSL is supported by most modern web browsers and does not require any additional installations. Because most devices, including smartphones and tablets, already have at least one browser installed, most individuals already have the “client software” necessary to connect to the internet through an SSL VPN.
SSL VPNs also have another major benefit—they allow tunneling to specific applications. This can be helpful when networkwide access is unnecessary. For example, certain employees or contractors might not need access to certain applications that others do. SSL VPN technology can ensure that those individuals receive different administrative access rights depending on their positions.
The ease of access provided by SSL VPNs usually means that only web-based applications are accessible through the VPN. In a world where Software-as-a-Service (SaaS) applications are the norm for everything from A/B testing to zero-trust networking, this will likely not cause a problem. However, to restrict certain employees from accessing specific applications, the involvement of IT staff is needed to authorize access. This could require additional cost.
Further, without additional software or hardware needed, the SSL VPN's biggest security risk is in the browser itself. Malware attacks, including man-in-the-middle (MITM) attacks and adware, usually target browsers. Therefore, employees must be trained on what to look for in the browser to avoid inadvertently downloading malware intended to spy on their behavior or steal sensitive data.
Why are SSL VPNs Important?
SSL VPNs are now more important than ever. As work-from-home orders have required tens of millions of people to convert their homes into worksites, employees use their home internet connections to access the corporate network all day, every day. The same goes for students, who may previously have had little need for the internet to complete schoolwork but now rely on strong, secure connections on a daily basis.
As more and more people use the public internet for work and school, incidents of fraud are on the rise. One study, based on government data and reported by Reuters, found that COVID-19-related losses totaled close to $100 million. Clearly, cyber criminals realize that more and more people are connecting to the internet via potentially weak, unsecured connections. As such, they use a range of malicious strategies to disrupt the regular work or school day.
Organizations must offer a safe, secure internet experience for their employees and students, which means a VPN solution must be both easy to use and scalable. Luckily, SSL VPNs can be used by individuals with little to no enterprise computing experience, are accessible from any device, and can be configured to be just as safe and private as the IPsec VPN protocol that preceded them.
With VPNs, businesses and schools can have peace of mind and continue to allow employees and students to work and study from home while being protected from cyberattacks. Further, because the internet and VPNs are location-agnostic, it matters little where individuals choose to connect to the internet. As such, employees and students can work from anywhere safely and securely.
How Fortinet Can Help
The FortiGate IPsec/SSL VPN solutions include high-performance crypto VPNs to protect users from threats that can lead to a data breach. Fortinet VPN technology provides secure communications across the internet regardless of the network or endpoint used. Wherever employees are based, no matter how they connect to the internet, Fortinet VPN technology keeps the entire organization secure.
Using both IPsec and SSL technologies and leveraging FortiASIC hardware acceleration, the Fortinet VPN provides the strongest performance for delivering the highest levels of data privacy.