VPN: SSL vs. IPSEC
Results 1 to 5 of 5

Thread: VPN: SSL vs. IPSEC

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    177

    VPN: SSL vs. IPSEC

    Hi all, I've to start a VPN project and I was just wondering which are the pros and cons of both systems... Any thought?

  2. #2
    Shrekkie Reloaded Raiden's Avatar
    Join Date
    Oct 2005
    Posts
    1,115
    well thats a big one actually. Both are used quite alot these days.

    SSLVPN :
    - Mostly used as "extranet" gateway, providing a secure connection over https
    - In most cases it is used for partners or remote-users, where you do not always know or trust the other side or ip.
    - It is fast and does provide good encryption
    - You can really almost tunnel anything these days.
    - Easy to setup and administer

    IPSEC:
    - Very strong encryption
    - Difficult to setup and administer
    - Robust
    - Mostly used in Site-To-Site or Hub-and-Spoke situations. Although it is also used for remote-users, Like Secureclient or Netscreen Remote
    - You can tunnel between networks, hosts or by rules or crypto access-lists

    This is a speedy comparison, i'll add things later if they come to mind ...

    Greetz,
    Last edited by Raiden; February 2nd, 2007 at 10:31 AM.

  3. #3
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Thank you Raiden. I guess then, that while for IPSec you need either a hardware equipment or a client software to establish a connection, with the SSL you don't? How do you connect then, I mean, how do I tunnel, ie RDP, through SSL?

    Thank you again.

  4. #4
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206
    I use a lot of IPsec tunneling with Juniper equipment and also use Juniper SSL VPN. If you use Juniper SSL VPN to connect to your network it will first download a little java applet. This is used to transform all the requsets into an http form. So when you try to RDP or ssh over the SSL VPN it will show you all the sessions inside your browser.
    ----------------------------------------------------------------------------------------------------------
    "If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford

  5. #5
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Hi DerekK


    If you have the hardware available to you then personally I would say IPSec is the favourable option to go for.

    Obviously like most things there are methods to attack an IPSec tunnel and an SSL tunnel, however MITM attacks are a little bit easier with an SSL connection (with the required information) whereas they are a touch harder with IKE/IPSec.

    Historically an SSL VPN was commonly used for a VPN solution for say a temporary worker or the occasional remote/home worker who only needs access to maybe one or two machines and only for certain applications. However the advancement in SSL VPN's over the last year or two, especially by Juniper mean an SSL VPN solution is a very viable option for most organisations. Again, historically if any other type of access was required, or even a more unrestricted access to be exact then IPSec was usually the option to go for - it can be used in Extranet, Site-to-Site and Remote Access VPN's, and contrary to common belief it is not all that hard to setup if you have decent hardware.

    You can even deploy both solutions fairly easily if needs be and indeed most organisations do so.

    It shouldnít really be looked at from a security point of view now-a-days, as both protocols are now very similar and provide Authentication, Integrity and Encryption for all data passing through the tunnel. What you need to ask is what your organisational requirements are and which solution will be easiest to roll out and the most affordable.
    Last edited by Nokia; February 3rd, 2007 at 11:28 PM.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

Similar Threads

  1. Worrisom IPSec vulnerability announced
    By ammo in forum Network Security Discussions
    Replies: 1
    Last Post: May 10th, 2005, 05:33 AM
  2. Cisco IPSec VPN strange packet loss issue
    By ihaveaproblem in forum Network Security Discussions
    Replies: 3
    Last Post: November 10th, 2004, 10:53 PM
  3. Using IPSec to Secure Computers and Network Traffic.
    By Tiger Shark in forum The Security Tutorials Forum
    Replies: 0
    Last Post: October 7th, 2004, 07:18 PM
  4. IPSec and Win2k
    By kadeng in forum Microsoft Security Discussions
    Replies: 5
    Last Post: May 27th, 2003, 08:03 PM
  5. IPSec tut
    By Networker in forum The Security Tutorials Forum
    Replies: 4
    Last Post: May 27th, 2003, 12:03 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides