Securing endpoints in SSL VPNs

By Joel Snyder
Network World, 12/06/04

Original Article on Network World Web Site

As an avowed IPSec zealot, I generally recommend the technology for remote access. But the SSL VPN vendors have been building such great technology that there are now places where SSL-based remote access is clearly a better choice than IPSec. One of the best places for SSL VPNs is in the ad hoc environment - places where your employees want to connect but would have to use someone else's computer, such as in an Internet cafe or at their brother-in-law's barbecue.

Because SSL VPNs require only a browser, you can use them from anywhere. The problem is that sensitive information might come through the pipe, and having that data sit on the hard drive either as a saved document or in a browser cache is dangerous. To solve this, the first generation of SSL VPNs used tools such as cache cleaners and cookie crumblers to try to obliterate traces that might be left behind. Moving forward from that primitive start, the new trend is toward virtual desktops - helper applications that track new files and browser changes, and unwind everything when you disconnect.

Unfortunately, even virtual desktops are not perfect. A huge problem is platform support. For example, at that barbecue, if your brother-in-law has a Mac, you can't run a virtual desktop. Or if he doesn't have the right version of Java or isn't running ActiveX, you could be out in the cold.

The story Google search cache spawns SSL fear covers a more subtle problem: Applications that are running before the virtual desktop starts don't get unwound. Google Desktop Search watches files and Web pages, and maintains its own cache. If it's running when you start the virtual desktop, your documents could be cached, accessible to the next person to use the computer, without you realizing it.

SSL VPN vendors will scramble to find a quick solution to the Google Desktop Search problem, but the general issue remains: Techniques such as virtual desktop never will be 100% effective at preventing leaks. Even if your goal is only to help users practice good computer hygiene, the potential for inadvertent disclosure is significant.

Network managers who cannot take this risk can use other technologies in their SSL VPNs, such as a virtual console (think Timbuktu, pcAnywhere or VNC) or terminal services (think Windows Terminal Services or Citrix) application to keep the sensitive data from ever being downloaded in the first place. Of course, all these solutions have their own cost and compatibility problems. If you're at the in-laws' PC, you might not have the possibility or desire to download and launch a Citrix client.

In every case, the best solution is one that supports your security policy, while not needlessly preventing access by legitimate users. Make sure you make your own decision, though, and don't let the magical marketing spin from some of these SSL VPN vendors convince you that the impossible is suddenly easy.