Determining which SSL VPN Functions to Use
SSL VPNs offer numerous features and functions, some of which may not be necessary (or even advisable) to use for particular implementations. The decision as to which SSL VPN capabilities an organization should utilize is directly tied to its business aims. Some common scenarios are described earlier in this chapter. In addition, some important items to note as basic guidelines include:
1. Application-level access should be used for general access. When applications offer a web interface, the web interface should be offered via the SSL VPN.
2. It is inefficient and undesirable to use terminal-services-type access for accessing applications with web interfaces. Doing so hurts the performance and unnecessarily limits the number of points from which the applications can be accessed.
3. Network tunneling may be used for power users from trusted devices, but should not be offered when accessing from machines not known to be secure. Port forwarding, etc...
