Juniper Claims EAL First with SSL VPN

As more and more workers access critical data remotely, the need for secure remote access is growing apace. Federal agencies are certainly not exceptions to the rule.

Thanks (initially at least) to Juniper Networks, federal agencies can now can choose SSL VPN (define)-based remote access technology in addition to IPsec (define) based solutions for secure remote database access.

That’s because Juniper Networks crossed a finish line of sorts today when it claimed to be the first vendor to achieve Common Criteria Certification for an SSL VPN product line.

The distinction means Juniper’s Secure Access (SA) platform is now certified at the Evaluation Assurance Level (EAL) 2 level, following a process that took over year. EAL certification is a security evaluation of the Common Criteria Evaluation & Validation Scheme (CCEVS) that is operated by The National Information Assurance Partnership (NIAP). It is a key distinction that vendors to government agencies must carry.

Though Juniper may well be first, its competitor Cisco Systems may not be all that far behind. At stake is the burgeoning market for remote access in the federal government, which looks to EAL certification as a mark of trust and security.

Common Criteria Certification is a critically important certification for sensitive areas of governmental IT operations. In many cases government agencies are mandated to only buy certified products. The certification standard extends beyond American shores and is currently recognized in over 20 countries.

Vivian Ganitsky, director of product management at Juniper, explained that the SA product line was put into the evaluation queue in November of 2005 and required a “significant” investment to get certified.

“We actually had to do a lot of innovative work to get the product certified because it has never been done before for SSL VPN,” Ganitsky told

Ganitsky commented that Federal agencies are subject to a lot of regulation that makes SSL VPNs and their granular access control a natural fit.

One of the particular federal mandates that Juniper is targeting is the telework mandate. This rule requires departments of State, Justice, and Commerce along with the Small Business Administration and the Securities and Exchange Commission to show an increase in the number of federal workers telecommuting.

To date, Juniper (and other vendors) have sold federal agencies IPsec-based remote access technologies, all of which have achieved varying levels of EAL certification.

“There is a very large opportunity here, everyone has seen the explosive growth of the SSL VPN market, Ganitsky said .”On the government sector this is a whole other opportunity.”

Research firm Gartner has predicted that by 2008 SSL VPNs will be the primary remote access method for greater than 90 percent of casual employee access, more than three-fourths of contractors and more than two-thirds of business telecommuting employees.

Juniper’s Ganitsky said EAL 2 is sufficient security for most of the needs of the agencies’ involved in the remote access.

“With SSL VPNs because it’s so new EAL 2 is considered to be sufficient and the higher levels require more documentation and verification and its something that at this time wasn’t needed for the SSL VPN market,” Ganitsky said.

Common Criteria Certification isn’t just for federal agencies either. It helps to serve as proof positive that SSL VPN is ready for secured enterprise deployments.

“Common criteria is something that many enterprise understand as being a very stringent test and a very powerful third party security audit,” Ganitsky explained. “So it’s not only for government customers.”

Juniper is obviously not the only SSL VPN vendor with an interest in the federal space. Cisco Systems is also gearing its certification efforts as well.

A Cisco spokeswoman told that Cisco cannot comment on claims made by other vendors, but can report that it is in the process of achieving EAL 4 certification spanning SSL VPN and IPSec VPN.

According to the The National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) Web site, Cisco recently said its ASA 5500 series appliances were entered into evaluation just last week.

Article courtesy of

Latest Articles

Follow Us On Social Media

Explore More