Solved

Question regarding IPSEC , SSLVPN and HTTPS

Posted on 2009-04-02
Last Modified: 2013-11-21
Dears,
I would like to know the difference between IPSEC, SSLVPN and HTTPS,
and for which scenario we would use IPSEC, SSLVPN or HTTPS,
and a brief history behind each technology and which came first ....


Thanks in advance,
Question by:sfda_soc
Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24062544
This is a bit too encompassing for one question - 3 questions for 3 topics each...

I would suggest Wikipedia for the history and more detail:
http://en.wikipedia.org/wiki/IPsec
http://en.wikipedia.org/wiki/SSL_VPN
http://en.wikipedia.org/wiki/Https

For SSL in general:
http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Briefly though...
IPSec - commonly used for encrypting tunnels such as L2TP, where all of the traffic is encapsulated within the encrypted tunnel.  This is used for encryption at layer 3 of the OSI model, although typically used in conjunction with L2TP which operates at layer 2 (hence its name Layer 2 Tunneling Protocol).
reference L2TP: http://en.wikipedia.org/wiki/L2TP

SSL VPN - Allows for a secured VPN session so that a remote user may access the internal LAN over a secured session.  Although the VPN server may also be authenticated, the focus is more on the user authentication here prior to negotiating the encrypted session.  Operates at layer 4 of OSI.

HTTPS - SSL (or TLS, the name of the standard that was based on SSL v3 and is practically identical to SSLv3 aside from its name) sessions for normal HTTP traffic used to create an encrypted session for web users.  Here the focus is for the user to be able to validate the authenticity of the server that they are providing sensitive information to, such as banking/credit card info/passwords/etc. and upon establishing that trust of the server the user may supply sensitive information across the secure encrypted session.  Operates at layer 4 of OSI.

VPN and HTTP both typically use a standard web server certificate issued from any trusted certification authority (CA).  This will assert the "Server Authentication"  enhanced key usage (EKU) and "Digital Signature" key usage (KU).

However IPSec does not use a standard SSL certificate and is often issued from an internally operated CA or a partner company's CA, although there are some commercial vendors available.  It will assert the "IP security IKE intermediate" EKU and "Digital Signature" KU.

Hopefully that does the trick for you.  The 'which came first' thing is a bit elusive.  Certificates have been around for many decades now, wiki says SSL 2.0 came out in early 1995 but that doesn't mean that the other technologies utilized it right away.

From my own recollection on usage:
HTTPS was used pretty quickly and many users knew to look for 'the gold lock' by the time Windows 98 was released.

IPSec was a new feature to Windows 2000.  It may have been in use in other server OS like UNIX prior to that, but that would be the major exposure to the concept.  I still don't think this one has really 'taken off' yet..

SSL VPN - VPN has been around for a number of years now and the ability to secure it is natural.  Initially this would have been done using password authentication with data passed in the clear, but security fobs started to emerge near the end of the 90's, and have grown significantly in usage every year since where now they are somewhat common at many companies.

As the technology for each came out around the same time (1995), the best I can do right now would be if I were to order them based on adoption I would say HTTPS (@1996-97), SSL VPN (@1998), IPSec (@2000).
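Added example, not part of the thread: the KU/EKU distinction described in the answer above, checked by decoding the raw `keyUsage` and `extendedKeyUsage` extension values with a small standard-library DER reader. The function names are hypothetical, the sample bytes are constructed rather than taken from a real certificate, and the OIDs are the registered values for the two EKUs the answer names.

```python
ROLES = {  # EKU OID -> use described in the answer above
    "1.3.6.1.5.5.7.3.1": "HTTPS / SSL VPN server (Server Authentication)",
    "1.3.6.1.5.5.8.2.2": "IPsec (IP security IKE intermediate)",
}

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER content bytes -> dotted notation
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the end of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_eku(ext_value):  # extendedKeyUsage: SEQUENCE OF OBJECT IDENTIFIER
    tag, seq, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("extendedKeyUsage must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, body, pos = read_tlv(seq, pos)
        if tag == 0x06:
            oids.append(decode_oid(body))
    return oids

def has_digital_signature(ext_value):  # keyUsage BIT STRING, bit 0 = 0x80
    tag, body, _ = read_tlv(ext_value, 0)
    return tag == 0x03 and len(body) >= 2 and bool(body[1] & 0x80)

def permitted_uses(ku_value, eku_value):
    if not has_digital_signature(ku_value):
        return []  # neither profile applies without the Digital Signature KU
    return [ROLES[oid] for oid in parse_eku(eku_value) if oid in ROLES]

# Constructed sample extension values (DER), not from a real certificate.
KU_DIGITAL_SIGNATURE = bytes.fromhex("03020780")
KU_KEY_ENCIPHERMENT = bytes.fromhex("03020520")
EKU_SERVER_AUTH = bytes.fromhex("300a06082b06010505070301")
EKU_IKE_INTERMEDIATE = bytes.fromhex("300a06082b06010505080202")
```

A certificate carrying only the Server Authentication EKU comes back without the IPsec use, which is why a standard web server certificate is not a drop-in for IKE in the setup the answer describes.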

Author Comment

by:sfda_soc
ID: 24066871
What about where to use each technology?
Expert Comment

by:Paranormastic
ID: 24077895
What's the first thing after each listing above...
IPSec - used primarily for the encryption part of L2TP tunnels (also used somehow in IPv6)
SSL VPN - securing VPN solutions
HTTPS - primarily used for securing web pages, also occasionally for other things like securing FTP (FTPS)