Improve company productivity with a Business Account.Sign Up

x
?
Solved

Question regarding IPSEC , SSLVPN and HTTPS

Posted on 2009-04-02
3
Medium Priority
?
603 Views
Last Modified: 2013-11-21
Dears ,
i would liek to know the difference between IPSEC , SSLVPN and HTTPS ,
And for which scneario we wouild use IPSEC , SSLVPN or HTTPS
and a brief history behind each technology and which came first ....


thanks in advance,
0
Comment
Question by:sfda_soc
  • 2
3 Comments
 
LVL 31

Accepted Solution

by:
Paranormastic earned 2000 total points
ID: 24062544
This is a bit too encompassing for one question - 3 questions for 3 topics each...

I would suggest wikipedia for the history and more detail:
http://en.wikipedia.org/wiki/IPsec
http://en.wikipedia.org/wiki/SSL_VPN
http://en.wikipedia.org/wiki/Https

For SSL in general:
http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Briefly tho...
IPSec - commonly used for encrypting tunnels such as L2TP, where all of the traffic is encapsulated within the encrypted tunnel.  This is used for encryption at layer 3 of the OSI model, although typically used in conjunction with L2TP which operates at layer 2 (hence its name Layer 2 Tunneling Protocol).
reference L2TP: http://en.wikipedia.org/wiki/L2TP

SSL VPN - Allows for a secured VPN session so that a remote user may access the internal LAN over a secured session.  Although the VPN server may also be authenticated, the focus is more on the user authentication here prior to negotiating the encrypted session.  Operates at layer 4 of OSI.

HTTPS - SSL (or TLS, the name of the standard that was based on SSL v3 and is practically identical to SSLv3 aside from its name) sessions for normal HTTP traffic used to create an encrypted session for web users.  Here the focus is for the user to be able to validate the authenticity of the server that they are providing sensitive information to, such as banking/credit card info/passwords/etc. and upon establishing that trust of the server the user may supply sensitive information across the secure encrypted session.  Operates at layer 4 of OSI.

VPN and HTTP both typically use a standard web server certificate issued from any trusted certification authority (CA).  This will assert the "Server Authentication"  enhanced key usage (EKU) and "Digital Signature" key usage (KU).

However IPSec does not use a standard SSL certificate and is often issued from an internally operated CA or a partner company's CA, although there are some commercial vendors available.  It will assert the "IP security IKE intermediate" EKU and "Digital Signature" KU.

Hopefully that does the trick for you.  The 'which came first' thing is a bit elusive.  Certificates have been around for many decades now, wiki says SSL 2.0 came out in early 1995 but that doesn't mean that the other technologies utilized it right away.

From my own recollection on usage:
HTTPS was used pretty quickly and many users knew to look for 'the gold lock' by the time windows 98 released.

IPSec was a new feature to Windows 2000.  It may have been in use in other server OS like UNIX prior to that, but that would be the major exposure to the concept.  I still don't think this one has really 'taken off' yet..

SSL VPN - VPN has been around for a number of years now and the ability to secure it is natural.  Initially this would have been done using password authentication with data passed in the clear, but security fobs started to emerge near the end of the 90's, and have grown significantly in usage every year since where now they are somewhat common at many companies.

As the technology for each came out around the same time (1995), the best I can do right now would be if I were to order them based on adoption I would say HTTPS (@1996-97), SSL VPN (@1998), IPSec (@2000).
0
 

Author Comment

by:sfda_soc
ID: 24066871
what about where to use each technology ?
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24077895
What the first thing after each listing above...
ipsec - used primarily for the encryption part of L2TP tunnels (also used somehow in IPv6)
SSL VPN - securing VPN solutions
HTTPS - primarily used for securing web pages, also occasionally for other things like securing FTP (FTPS)
0

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Cloud file services can fill many different roles for your business. Often, the use of cloud file services begins with employees using consumer products, like Dropbox, to share files with customers and each other. While sync-and-share can be an effe…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question