Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IPSEC V SSL VPN

Posted on 2006-06-27
4
Medium Priority
?
1,332 Views
Last Modified: 2008-03-10
Does anyone have any opinions on IPSEC V SSL VPN environments?  I know IPSEC encrypts the entire OSI model but has a %12 bandwidth overhead and SSL does not have the %12 overhead but only encrypts 4 layers of the OSI model.  I’m looking for more pros and cons of each technology.  

Thanks,

eb
0
Comment
Question by:Erik Bjers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 30

Assisted Solution

by:ded9
ded9 earned 700 total points
ID: 16998861
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 700 total points
ID: 17004048
IPSec and SSL are remarkably similar in the way they do key management and other key functions, so it's hard to believe that there is any significant performance difference inherent in the protocols.

Of course, actual mileage may vary based on the implementation and exactly what you're doing with it.

A much bigger deal is what type of functionality you want beyond basic web connectivity.

Do you want connectivity only to a few web-enabled apps, or for random IP protocols? This is an area where IPSec implementations are stronger, though most SSL VPNs can do this with auxilliary software.

Do you want to tunnel the VPN in web protocols (even for random IP protocols) so it works through restrictive firewalls on other networks? Not all IPSec implementations can do this, and this is one area where there is a pretty big performance hit for IPSec even when it does work (whether you notice the performance hit in regular usage is another question).

Do you want to limit access to only the VPN, and not allow access anywhere else in the universe? This is an area where IPSec VPNs are stronger, though some SSL VPNs can do this with auxilliary software.

Do you want to allow people to use random computers rather than one issued by the company that has company software installed? This is an area where SSL VPNs are stronger, though note that there are other issues with doing this.

.....
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 600 total points
ID: 17004339
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci940324,00.html?track=NL-20       
http://www.nortelnetworks.com/solutions/ip_vpn/collateral/nn102260-110802.pdf

If you're building VPN's on top of https, then take care that you most likely have a cross-domain problem with cookies.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question