TechSoup.org The place for nonprofits, charities, and libraries

Do you use TLS/SSL at your organization?

  • If you work for an organization that deals with a lot of e-commerce (online storefront, Internet donations, etc) or houses a lot of sensitive client or user data (maybe a healthcare org, social benefit direct service agency, etc), you may already be using TLS/SSL encryption and security protocols on your site and through your email.

    Not sure what all this means? Check out our soon-to-be-released article on the topic. It'll give you definitions of what each of these things mean, whether or not you need to start using them, and how to implement them at your organization. I'll post the link here once it's live.

    Have any of you already adopted using TLS or SSL at your organization? How has it worked for you?

    Becky Wiegand is the Interactive Events Producer at TechSoup.org
    @bajeckabean on Twitter

  • Hi Becky, the org I work for, a non-profit Community Health Care Center, deployed SSL VPN for our doctors to connect to our Electronic Medical Records software.  We've been using it for about 2 years now and has been an absolute blessing from an IT standpoint and a user standpoint.  I am eagerly awaiting the article on TLS and SSL encryption.  

    Gary Network/Systems Admin Berlin, NH
    Host Non-profit Tech Careers, Security Forums
    Co-Host Networks, Hardware, & Telecommunications Forum

  • Gary, which product are you using to enable that?  I'm using the Astaro Security Gateway, which manages and implements OpenVPN.  I've had a great experience with it, too.  Only encountered 1 connection that wouldn't allow me to use it.

    Chris Shipley
    Nutmeg Consulting

  • Hi Chris, we are using the Sonicwall SSL VPN 2000.  We haven't run into any troubles.  It is web browser based, so for IE the users get prompted to install Active X controls.  I set up an additional portal that uses Java for our Mac and Firefox users .  I find the Java connections to be very clunky and unreliable.  Our old method of connection was a VPN through our Sonicwall firewall and having to install the Sonicwall Global VPN client.  Users were not happy, dialup internet was nearly impossible to use with it, and Satellite internet wouldn't connect.  Both problems went away with the SSL connection.   

    Gary Network/Systems Admin Berlin, NH
    Host Non-profit Tech Careers, Security Forums
    Co-Host Networks, Hardware, & Telecommunications Forum

  • Well guys, the article, An Introduction to Transport Layer Security is now live. This issue has become more and more important for organizations in the past few years while trying to ensure their sites are secure as well as meeting new regulatory standards introduced by HIPAA and PCI standards of client privacy and data lineage.

    Hopefully, the article will help more organizations figure out what they need to do to comply with the regulations and offer their users a safer online experience overall.

    Becky Wiegand is the Interactive Events Producer at TechSoup.org
    @bajeckabean on Twitter

  • Well Gary, you already made your investment, but Astaro for the home is completely free with a full subscription to all of their products.  So I would actually recommend checking it out.  Your VPN users for Windows use a graphical VPN client (its an install, but its easy) that is basically a stoplight.  Red means not connected, yellow is connecting, green means go.  Since its using OpenVPN, installing for the Mac is pretty easy.  You just import the files the Astaro user interface gives you into the network manager for Mac and it pretty much just works.  No clunky Java.  No IE BS.

    Though I'll admit logging in through the browser seems pretty nifty.

    Chris Shipley
    Nutmeg Consulting

  • I'll have to give Astaro a look.  Logging in through a browser is very nifty.  When the users log in, it opens up to a bookmark page.  Depending on the user, some will have more bookmarks than others.  Every user gets at least an Outlook web access link.  It is great how you can personalize links, create multiple portals. 

    Gary Network/Systems Admin Berlin, NH
    Host Non-profit Tech Careers, Security Forums
    Co-Host Networks, Hardware, & Telecommunications Forum

  • Hey Chris, I heard an ad on the radio today from Barracuda.  They are offering SSL VPN appliances now.  It sounds like they work fairly similar to the Sonicwall via the web browser. 

    Gary Network/Systems Admin Berlin, NH
    Host Non-profit Tech Careers, Security Forums
    Co-Host Networks, Hardware, & Telecommunications Forum

  • Neat - hopefully they don't use a clunky java interface for Linux / Mac.  I prefer the Astaro implementation of OpenVPN for that reason.  And I also like the little traffic light icon they use for Windows.

    Chris Shipley
    Nutmeg Consulting