Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 IPSec or SSL VPN? Decision Criteria.

Published byOsborne Warner Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 IPSec or SSL VPN? Decision Criteria."— Presentation transcript:

1 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 IPSec or SSL VPN? Decision Criteria

2 2 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net The Traditional Enterprise Leased Lines The Extended Enterprise Business Partners Day Extenders Mobile Workers Customers Branch Offices Fixed Telecommuters Data Center

3 3 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net Business Connectivity Requirements  Must support business productivity for all audiences, while cost- effectively securing communications Secure Affordable Raise Productivity High Performance & Availability

4 4 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net The Enterprise Connectivity Solution Use the Internet to replace leased lines Business Partners Day Extenders Customers Branch Offices Fixed Telecommuters Data Center Business Partners Mobile Workers Fixed Telecommuters Mobile Workers Internet

5 5 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net NetScreen IPSec and SSL VPNs Department Servers DMZ Finance HR Sales Business Partners Day Extenders Mobile Workers Customers Branch Offices Fixed Telecommuters Data Center Internet

6 6 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net The Secure Access Landscape Fixed/Site-to-SiteRemote Access Connectivity Requirements:  Bridge fixed, “trusted” networks  Managed devices  Transparent access to remote LAN  Full access to network resources  Network-layer mgmt & administration Connectivity Requirements:  Access from “untrusted” networks  Access from unmanaged devices Options:  Internet VPNs (IP Sec)  Network VPNs (MPLS) Options:  SSL VPNs Remote/Branch Office Fixed telecommuters Business Partners Customers HQ Mobile employees/consultants

7 7 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net Juniper Network Netscreen Secure Access SSL VPNs and IPSec VPN Products Type of Application Type of PCRemote Network Security Type of Connection Type of VPN Remote Office/ Branch Office CorporateManaged, TrustedFixedIPSec Mobile EmployeeCorporate or Non-Corporate Unmanaged, Untrusted MobileSSL VPN Partner/CustomerNon-CorporateUnmanaged, Untrusted MobileSSL VPN

8 8 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net NetScreen VPNs Meet Business Needs Requirements: Resiliency at device, network and VPN level Dynamic Route-Based VPNs leverage "self-healing” capabilities Centralized management Integrated purpose-built solution Integrated high performance, robust firewall (w/ Zones) Secure Affordable Ease of use High Performance & Availability NetScreen IPSec VPNNetScreen Secure Access SSL VPN Hardened appliance, AAA policy integration, and access privilege management Route-based VPNs offer low TCO for site-to-site or fixed configurations No client or server changes Low TCO for remote/mobile employees, partners and customers Simple Web interface Centralized management for administrators Stateful failover an a variety of clustering options

9 9 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net Industry Analysts Agree The IPSec VPN Market is Growing IPSec VPN market: $10B in 2003, $12B by 2004 Inclusive of hardware, software and services Site-to-Site VPNs (Infonetics 2003) 60% of enterprises implementing network-layer VPNs

10 10 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net Industry Analysts Agree… The SSL VPN Market is Growing TAM M$’s (Infonetics 2/04) Remote Access “We project that by 2004, 60% of corporate users will use SSL for remote access at least some of the time.” “By 2005/06 SSL- based solutions will be the dominant method for remote access, with 80% of users utilizing SSL...” TAM M$’s (Infonetics 2/04)

11 11 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net Decide Your VPN Needs By User Type and Network IT environment:IPSec VPNSSL VPN Type of connectionFixed connectionTransient connection Type of deviceManaged corporate deviceVarying devices Type of accessSite-to-siteRemote employee, business partner, customer Access Controls Robust firewall functionality Enables access management policy enforcement

12 12 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net Decide Your VPN Needs By User Type and Network User constituency:IPSec VPNSSL VPN Remote office employeesX IT staffXX Mobile employeesX Day extendersX ConsultantsX CustomersX Business partnersX

13 13 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net Decide Your VPN Needs By User Type and Network Applications and content:IPSec VPNSSL VPN Voice Over IPX Entire subnets with no application access control required X Networks, including intranets and extranets, that require access control X Web applicationsXX Client/server applicationsXX Intranet contentXX EmailXX File ServersXX Server socket dependent applications XX

14

15 15 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net IPSec and SSL IPSec Design Goal – low level secure network connectivity Network layer connection IPSec encryption Any TCP ports flow over tunnel Usually done with a hardware gateway on the LAN and a hardware or software client Gateway IPSec Gateway Tunnel/transport applications SSL Design Goal – Secure application-to-application connectivity Server Specific Protocol Client Port 443 Application layer connection SSL or TLS encryption Specific port is open (easier to secure) Usually done in application software (included with all standard Web browsers and e-mail applications)

16 16 Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net IPSec and SSL Physical Data Link Network Transport Sessions Presentation Application Transport Internet Protocol Network HTTP, FTP, POP TCP, UDP IP SSL/TLS IPSec OSI TCP/IP

Download ppt "Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 IPSec or SSL VPN? Decision Criteria."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 1 WX Client Rajoo Nagar PLM, WABU.

| Copyright © 2009 Juniper Networks, Inc. | 1 WX Client Rajoo Nagar PLM, WABU.
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Check Point ©2000 Check Point Software Technologies Ltd. -- Proprietary & Confidential Robert Żelazo Check Point Software Technologies Ltd. Check Point.

Check Point ©2000 Check Point Software Technologies Ltd. -- Proprietary & Confidential Robert Żelazo Check Point Software Technologies Ltd. Check Point.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
VPN’s Kristin Belanger. VPN’s Accommodate employees at distant offices Accommodate employees at distant offices Usually set up through internet Usually.

VPN’s Kristin Belanger. VPN’s Accommodate employees at distant offices Accommodate employees at distant offices Usually set up through internet Usually.
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Remote Networking Architectures

Remote Networking Architectures
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.
Network Security Philadelphia UniversitylAhmad Al-Ghoul 2010-20111 Module 12 Module 12 Virtual Private Networks  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Network Security Philadelphia UniversitylAhmad Al-Ghoul Module 12 Module 12 Virtual Private Networks  MModified by :Ahmad Al Ghoul  PPhiladelphia.
Virtual Private Networks (VPN’s)

Virtual Private Networks (VPN’s)

Similar presentations

Ads by Google