SSL VPN vs. IPSec VPN.
IPSec VPN is a full-spectrum access security solution for securing intra-office connectivity. It has evolved into a one-size-fits-all solution for all remote access. IPSec VPN, however, may be a potential security vulnerability for companies because of how it is being used.
SSL was designed specifically to secure the HTTP protocol. By encrypting the data streams transmitted via this protocol, SSL provides a secure "wrapper" to protect IP packets between a browser and the Web server, with both sides being set up to support SSL.
There are a few key philosophical differences in the design of the IPSec and SSL protocols. First, IPSec is network-layer centric, while SSL is application-layer centric. Second, IPSec requires specific client software, while SSL uses any SSL-enabled browser as the client. Lastly, SSL is natively mobility-centric, while IPSec is not.
SSL VPN was derived as a solution for securing application-based access because of the protocol's philosophy. The application-centric methodology of SSL VPNs allows granular control of user access, thereby allowing per-user, policy-based access to be established and enforced. The perceived clientless solution increases user convenience while decreasing maintenance time and cost to the company.
With an SSL VPN, end-user access is restricted unless authorized. With IPSec VPNs, users are authorized unless restricted. Combining the restrictive access and clientless convenience, SSL VPN can secure all data streams between the user and network, while IPSec VPN remains a proven solution to protect data streams from network to network. SSL VPN can be considered an augmenting solution to IPSec VPN, rather than a competing one.
IPSec VPN was designed to protect private data streams between trusted networks from all untrusted networks. SSL VPN was derived to protect data streams between associated sources. All sources are untrusted regardless of whether they are users or a network. This is the key concept to grasp in order to properly optimize both VPN solutions.
Once, there was a clear segregation of trusted sources and untrusted sources. Trusted sources were intra-networks and employees; all others were considered untrusted. Today, such a distinction is difficult. For network-to-network connectivity, are your partners' networks trusted? Is the offshore or domestic outsourced vendors' network trusted? Are the shared colocated and data-recovery facilities trusted? Is the telecommuting employee's home network trusted? For user-to-network connectivity, are consultants or outsourced agents trusted users? Are your business partners' employees trusted?
The point is that the internal network should be the sole trusted infrastructure that can be protected at the highest level by IPSec VPN.
SSL VPN can provide the granular access control such that all users, both in and out of the physical office, and all connected foreign networks need explicit permission to access any resource within the intranet. Technically speaking, IPSec VPN protects network-to-network data communications between intra-networks across the Internet, while SSL VPN protects intranet data communications from classified users, extranets and the Internet.
The next logical trend is a solution that can effectively integrate various forms of access so that all ingress points can be managed centrally, within the SSL VPN infrastructure and outside the firewall and IPSec VPN management. By achieving such a goal, companies can establish an enforceable policy-based access for all end-users based on classifications: telecommuters, road warriors/traveling employees, partners, vendors.
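To make the two access models described above concrete ("authorized unless restricted" for a network-to-network IPSec tunnel versus "restricted unless authorized" for per-user SSL VPN access), here is an added example, not code from the article or from Xceedium, of a small Python policy evaluator that runs the same requests through both models. The partner network, the user grants and the request list are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Request:
    user: str      # identity presented; "" for an anonymous host on a tunnelled network
    src_ip: str    # source address of the connection
    resource: str  # application-level resource requested, e.g. "crm/orders"

# IPSec-style model (network to network): the peer network is trusted as a whole,
# so anything arriving through the tunnel is allowed unless explicitly restricted.
IPSEC_TRUSTED_NETWORKS = [ip_network("10.20.0.0/16")]   # hypothetical partner-site tunnel
IPSEC_RESTRICTIONS = {"hr/payroll"}                     # the only explicitly blocked resource

def ipsec_decision(req: Request) -> bool:
    """Authorized unless restricted: tunnel membership grants access."""
    in_tunnel = any(ip_address(req.src_ip) in net for net in IPSEC_TRUSTED_NETWORKS)
    if not in_tunnel:
        return False  # no tunnel, no path to the intranet at all
    return req.resource not in IPSEC_RESTRICTIONS

# SSL VPN-style model (user to application): every source is untrusted, and access
# exists only where a per-user grant names the resource, whatever network the user is on.
SSLVPN_GRANTS = {                                       # hypothetical per-user policy
    "alice@corp": {"crm/orders", "mail/webmail"},       # telecommuting employee
    "bob@partner": {"crm/orders"},                      # business partner's employee
}

def sslvpn_decision(req: Request) -> bool:
    """Restricted unless authorized: no explicit grant, no access."""
    return req.resource in SSLVPN_GRANTS.get(req.user, set())

def compare(requests):
    """Evaluate each request under both models: (who, resource, ipsec, sslvpn)."""
    return [(r.user or r.src_ip, r.resource, ipsec_decision(r), sslvpn_decision(r))
            for r in requests]

SAMPLE_REQUESTS = [  # constructed requests
    Request("bob@partner", "10.20.5.7", "crm/orders"),     # partner doing its agreed work
    Request("bob@partner", "10.20.5.7", "eng/source"),     # partner reaching beyond its role
    Request("", "10.20.9.9", "eng/source"),                # unidentified host on the partner LAN
    Request("alice@corp", "203.0.113.8", "mail/webmail"),  # employee from a home ISP address
    Request("alice@corp", "10.20.5.7", "hr/payroll"),      # only case the restriction list catches
]

if __name__ == "__main__":
    for who, res, ipsec, ssl in compare(SAMPLE_REQUESTS):
        print(f"{who:<14} {res:<14} ipsec={'allow' if ipsec else 'deny'}  sslvpn={'allow' if ssl else 'deny'}")
```

The second and third rows show the exposure the article warns about: under the tunnel model a partner host reaches engineering sources simply by being on the trusted network, while the per-user model denies it because no grant names that resource.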
A comprehensive SSL VPN solution should support both end-user access as well as remote IT administration. It should also support advanced remote-access methods required by technical users, such as all out-of-band and power-control capabilities.
Companies should look for an SSL VPN that can significantly augment IPSec VPN to improve mobility and to enhance internal security for remote access. As SSL VPNs become mainstream in managing mobile business users accessing desktops and applications, the evolutionary trend will demand secure remote administrative access, in addition to end-user access.
For more information from Xceedium: www.rsleads.com/503cn-258
Special Focus: E-business Technologies
Date: Mar 1, 2005