Tunnel vision: Choosing a VPN -- SSL VPN vs. IPSec VPN


What is the difference between site to site VPN and IPsec VPN and SSL VPN?
VPN usage the term in this context is therefore misleading and often assumed uncritically. Lisa Phifer is vice president with Core Competence, a consulting firm specializing in network security and management technology. It's not that simple, of course. Conversely, solutions such as Neoteris' Instant Virtual Extranet, Netilla Networks' Security Platform and Whale's e-Gap are more inclined to Webify applications, even if that means some apps will require backend development to bolt them onto the VPN server. SSL provides confidentiality, integrity (active alterations are reliably detected), and some authentication (usually server authentication, possibly mutual client-server authentication if using certificates on both sides).


IPsec VPN vs. SSL VPN: Is Your Remote Access VPN a Liability?


IPsec VPNs operate at layer 3 (network), and in a typical deployment give full access to the local network (although access can be locked down via firewalls and some VPN servers support ACLs). This solution is therefore better suited to situations where you want remote clients to behave as if they were locally attached to the network, and is particularly good for site-to-site VPNs.

IPSec VPNs also tend to require specific software supplied by the vendor, which is harder to maintain on end-user devices, and restricts usage of the VPN to managed devices.

SSL VPNs operate on layers 5 and 6, and in a typical deployment grant access to specific services based on the user's role, the most convenient of which are browser-based applications.

It is usually easier to configure an SSL VPN with more granular control over access permissions, which can provide a more secure environment for remote access in some cases. These lightweight clients can often also run local checks to ensure that connecting machines meet certain requirements before they are granted access - a feature that would be much harder to achieve with IPSec.

In both cases one can be configured to achieve similar things as the other - SSL VPNs can be used to simply create a tunnel with full network access, and IPSec VPNs can be locked-down to specific services - however it is widely agreed that they are better suited to the above scenarios.

If you use the HTTP protocol via your browser, your traffic is encrypted whilst it is running through the VPN tunnel itself, but it is then decrypted when it hits the remote VPN endpoint, and travels over the internal network in cleartext. This might be acceptable in some use cases, but in the interest of defence in depth, we ideally want to know that our data cannot be intercepted anywhere between you and the actual service itself.

It includes strengths and weaknesses as well as an overview of each, and also implementing both of them together.

There are reasons for using both protocols. When using an IPsec tunnel you would still want application level encryption. This is advantageous if there is a gap between the end of the tunnel and where your session ends. It doesn't make sense to use both at the same time. The only way to protect against that would be to extend the secure pipe all the way to the application, but neither TLS nor IPsec VPN can do that or is too cumbersome. That leaves payload encryption and digital signing as the only choice, but in that case one needs only either TLS or IPSEC pipe, not both at the same time for equivalent security and to meet performance targets.

IPsec basically supports two encryption methods, Transport mode and Tunnel mode. Encrypts both Payload and Header. For a successful communication initialization, IPSec uses mutual authentication (2 Way) protocols to establish the communication, and to keep the communication going, it shares a public key between sending and receiving devices. This function is performed by the protocol known as Association and Key Management Protocol, which uses digital certificates to authenticate the receiver with the sender.

Sockets are used to transfer data between sender and receiver. This method provides secure access to multiple services using a single standard SSL connection to the relevant web site.

This method enables a web browser to access multiple network services. In particular, this method supports a variety of applications and protocols which may not be web-based. SSL communication uses two keys to encrypt data: a public key, which is shared with everyone, and a private key for the receiving party only. This can impact an organization financially, as they have to buy licenses for these VPN clients.

Almost all modern standard web browsers can use SSL connections. Also, this makes it possible to provide role-based access (different access rights for different users).
