Jaycee's Networking

May 7, 2009

VPNs: IPSec vs. SSL

Filed under: Information, Security — Jaycee @ 7:29 pm

A VPN creates a virtual “tunnel” connecting two endpoints. The traffic within the VPN tunnel is encrypted so that other users of the public Internet cannot readily view intercepted communications.

VPN Advantages:

1. By implementing a VPN, a company can provide access to the internal private network to clients around the world at any location with access to the public Internet. It erases the administrative and financial headaches associated with a traditional leased line WAN and allows remote and mobile users to be more productive.

2. Best of all, if properly implemented, it does so without impacting the security and integrity of the computer systems and data on the private company network.

IPSec (Internet Protocol Security) VPN:

Traditional VPNs rely on IPSec to tunnel between the two endpoints. IPSec works at the Network Layer of the OSI model, securing all data that travels between the two endpoints without an association to any specific application. When connected to an IPSec VPN, the client computer is “virtually” a full member of the corporate network, able to see and potentially access the entire network.

The majority of IPSec VPN solutions require third-party hardware and/or software. In order to access an IPSec VPN, the workstation or device in question must have an IPSec client software application installed.

Advantage:

It provides an extra layer of security: the client machine must not only run the right VPN client software to connect to your IPSec VPN, it must also have that software properly configured. These are additional hurdles that an unauthorized user would have to clear before gaining access to your network.

Disadvantage:

1. It can be a financial burden to maintain the licenses for the client software and a nightmare for tech support to install and configure the client software on all remote machines, especially if they can’t be on site physically to configure the software themselves.

2. IPSec is complex. The more sites that connect to each other, the more secure links or tunnels need to be defined and maintained.

SSL VPN:

SSL is a common protocol and most web browsers have SSL capabilities built in.

Advantage:

1. Almost every computer in the world is already equipped with the necessary “client software” to connect to an SSL VPN.

2. It allows more precise access control. First of all, it provides tunnels to specific applications rather than to the entire corporate LAN, so users on SSL VPN connections can only access the applications that they are configured to access rather than the whole network.

3. It’s easier to provide different access rights to different users and have more granular control over user access.

Disadvantage:

1. The limitation of SSL was that browsers could access only Web-based applications, but this challenge was met by Webifying non-Web applications or pushing Java or ActiveX SSL VPN agents to the remote machines on the fly. These plug-ins gave the remote computers the ability to create network layer connections comparable to IPSec, but without having to distribute dedicated VPN client software.

2. Having direct access only to the web-enabled SSL applications also means that users don’t have access to network resources such as printers or centralized storage and are unable to use the VPN for file sharing or file backups.

As a result, SSL VPNs are making great headway against IPSec VPNs for remote access and seem likely to win out in the end. IPSec is still the preferred method for site-to-site VPNs: either technology requires a gateway anyway, IPSec is better established in this arena, and many SSL vendors don’t even offer site-to-site connections. For site-to-site, IPSec carries the day.
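The contrast drawn above between network-layer IPSec access and per-application SSL VPN access can be modeled as two authorization decisions. This is an added example, not code from the original post; the service inventory, subnet and group grants are constructed for illustration and do not represent any product's policy format.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory: service name -> (address, port). All values are made up.
SERVICES = {
    "webmail":   ("10.0.1.10", 443),
    "crm":       ("10.0.1.20", 443),
    "fileshare": ("10.0.2.5", 445),
    "printer":   ("10.0.3.7", 9100),
    "hr-db":     ("10.0.4.9", 5432),
}
# IPSec model (assumed): the client is routed to whole subnets at the network layer.
IPSEC_ROUTES = [ip_network("10.0.0.0/16")]
# SSL VPN model (assumed): the gateway publishes named applications per user group.
SSL_GRANTS = {"sales": {"webmail", "crm"}, "contractor": {"webmail"}}


def ipsec_allows(dst_ip, dst_port, routes=IPSEC_ROUTES):
    """Network-layer decision: any port on a routed subnet is reachable."""
    return any(ip_address(dst_ip) in net for net in routes)


def ssl_allows(group, dst_ip, dst_port, grants=SSL_GRANTS):
    """Application-layer decision: default deny unless the destination is a
    published application that this group has been granted."""
    for app in grants.get(group, ()):
        if SERVICES.get(app) == (dst_ip, dst_port):
            return True
    return False


def reachable(group):
    """Return (ipsec_set, ssl_set) of service names the group can reach."""
    ipsec = {n for n, (ip, port) in SERVICES.items() if ipsec_allows(ip, port)}
    ssl = {n for n, (ip, port) in SERVICES.items() if ssl_allows(group, ip, port)}
    return ipsec, ssl


def excess_exposure(group):
    """Services a group reaches over IPSec but has no SSL VPN grant for."""
    ipsec, ssl = reachable(group)
    return sorted(ipsec - ssl)


if __name__ == "__main__":
    for group in ("sales", "contractor", "unknown"):
        ipsec, ssl = reachable(group)
        print(f"{group:10} ipsec={len(ipsec)} ssl={sorted(ssl)} "
              f"excess={excess_exposure(group)}")
```

The same output also shows the disadvantage listed above: the file share and printer are reachable only in the IPSec model, because no group has them published as applications.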


2 Comments »

  1. I prefer SSL, but good points nonetheless.

    Comment by ssl certificates — May 15, 2009 @ 7:31 am

  2. Hello my name is Anthon, I really liked your article! Nice work, Jaycee

    Comment by VPN Install — May 12, 2010 @ 4:35 pm

