With the release of Cisco’s AnyConnect client, there has always been debate on software versus the traditional VPN software from Cisco. Questions like, whether this software would replace Cisco’s traditional IPSec VPN client. How good is it? Ease of use? These are all valid questions for any new software. And, after using it for well over a year, my opinion is there is no debate…
How many times have you requested a firewall access change for a temporary use, and have forgotten? Better yet, how many times would you like a firewall to be opened for a particular time frame, but thought it wasn’t an option, so it has been open ever since? For example, if your business is an 8-5 operation, why have remote access protocols like FTP, SSH, or RDP open 24 x 7? Security is all about limiting exposure, so if you don’t need that type of access, why have it?
With the release of ASA code version 8.2(1), Cisco released AnyConnect Essentials and AnyConnect Premium. Since then, minor changes have been added to the product features as technology expands. AnyConnect version 2.5 is now available, and has added some performance and security enhancements to the 2.4 tree.
But, what are the major differences between these 2 options? Price, of course, as the premium tag denotes a premium price. But in terms of features, which one do you need? Let’s break this down, to help you purchase the license that best suits your needs, and also educate you on the available features within the AnyConnect product line:
It’s every IT person’s dream: you’re lounging on the beach in the Bahamas, sipping piña coladas from a tall glass with the little umbrella, laptop in hand, getting all of your work done remotely. Remote administration grants you the flexibility to turn that dream into reality.
But don’t book that flight without first considering the differences between “administration” and “remote administration.”
Whether your plans including moving to the Bahamas, or even just working from home in your PJs every now and again, we should talk about the security best practices for remote administration that will get you there.
In today’s world, mobility is a must have. Nowadays the Internet is available everywhere, yet many people don’t take advantage of their mobile Internet for anything other then simple web browsing. Why is this? For starters, many people don’t have the security required to access their ‘work’ from locations other than their office. Users often face obstacles due to limitations of older VPN technologies, or more stringent security filtering by Network Administrators at hotels or WiFi Hot Spots.
Older VPN clients based on IPSec required either ESP (protocol 50) or AH (protocol 51) to be opened. In the past, these Administrators would just allow IP any out. These days, limiting access to well known ports is more common. I myself have run into this issue many times over, and my solution is to use SSL based VPNs.
Why would SSL based VPNs help in this case? Well, there are 2 main reasons: Firstly, SSL is a widely used port, so places will not block this (could you imagine the uproar by Web based vendors if this was the case??). Secondly, Cisco offers 3 different levels of SSL VPN depending on the machine you are using, so you don’t have to have administrative access on the machine or the ability to install software.
