SSL vs IPSec: Find the right VPN network solution for your business

Understanding SSL and IPSec VPN

IPSec VPN - IP Sec Network

IP VPNs came onto the scene in the late 1990s and this is the time that IPSec (Internet Protocol Security) services quickly established itself as the standard to provide secure network-layer connectivity over insecure IP networks, typically the internet

Traditional VPNs rely on IPSec to tunnel between the two network endpoints. IPSec network services work on the Network Layer of the OSI Model- securing all data that travels between the two endpoints without an association to any specific application. When connected on an IPSec VPN the client computer is “virtually” a full member of the corporate network- able to see and potentially access the entire network.

IPSec challenges

The more sites that connect to each other, the more secure links or tunnels need to be defined and maintained. If IPSec is used for remote access, it requires software on every remote machine that must be installed, maintained and updated. This very often poses a challenge for IT manager to maintain a Standard Operating Environment. Apart from the set-up and use of the dedicated client software, there are other complications such as firewall transversal issue that the remote user has to overcome. The user support cost cannot be underestimated.

SSL VPN - SSL Network

Secure Sockets Layer (SSL) VPNs then entered the scene offering application-layer secure access over the internet using capabilities common to most web browsers. The implication was that businesses interested in remote-access VPNs no longer needed to distribute and maintain client software on the remote machines.

SSL for remote access is based on a simple concept: use the encryption and authentication capabilities built into every Web browser to provide secure remote access to corporate applications.

SSL challenges and solutions

• Browsers could access only web-based applications, but this challenge was met by ‘webifying’ non-web applications or pushing plug ins such as Java or Active X to the remote machines. These plug-ins gave the remote computers the ability to create network layer connections comparable to IPSec, but without having to distribute dedicated VPN client software.
• SSL VPNs greatest asset, their browser-based access, is also their problematic feature. The freedom and mobility of the browser means that your users can run applications and access network resources from just about anywhere, a partner site, a remote office, a café, or even at home. While this flexibility can boost productivity, it also exposes your network to a number of computers whose security state is unknown.

This can be resolved through a ‘Host Checker’ feature. Before a user machine can be allowed access, a ‘Host Checker’ application in the form of a java applet is download to the user machine during log-on to check things such as identity of the machine, the presence of Anti-Virus and Anti-Spyware programs, their versions and running status before access is granted.

Which solution is right for me?

The deciding factor between them lies not in what each protocol can do, but in what each deployment is designed to accomplish.

Administrators that need to allow mobile employees, tele-workers, contractors, offshore employees, business partners or customers access to certain corporate resources will be well served by SSL Networks. SSL VPNs are designed to address the needs of diverse audiences that need secure access to administrator-specified corporate resources from anywhere and to change both the access methods and the resources allowed as the users’ circumstances change.

The use of an SSL network is ideal for the mobile user because:

• SSL VPNs do not require a client download onto the device being used to access corporate resources.
• SSL VPNs do not need to be configured by the end user.
• SSL is available wherever there is a standard Web browser, so users don’t need a company laptop.

On the other hand, administrators that need to achieve fixed site-to-site connectivity will be well served by IPSec VPN offerings.

Contact us today to discuss how which VPN Solutions is best for your business SSL VPN or IPSec VPN