Solved

Question regarding IPSEC , SSLVPN and HTTPS

Posted on 2009-04-02
3
536 Views
Last Modified: 2013-11-21
Dears ,
i would liek to know the difference between IPSEC , SSLVPN and HTTPS ,
And for which scneario we wouild use IPSEC , SSLVPN or HTTPS
and a brief history behind each technology and which came first ....


thanks in advance,
0
Comment
Question by:sfda_soc
  • 2
3 Comments
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24062544
This is a bit too encompassing for one question - 3 questions for 3 topics each...

I would suggest wikipedia for the history and more detail:
http://en.wikipedia.org/wiki/IPsec
http://en.wikipedia.org/wiki/SSL_VPN
http://en.wikipedia.org/wiki/Https

For SSL in general:
http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Briefly tho...
IPSec - commonly used for encrypting tunnels such as L2TP, where all of the traffic is encapsulated within the encrypted tunnel.  This is used for encryption at layer 3 of the OSI model, although typically used in conjunction with L2TP which operates at layer 2 (hence its name Layer 2 Tunneling Protocol).
reference L2TP: http://en.wikipedia.org/wiki/L2TP

SSL VPN - Allows for a secured VPN session so that a remote user may access the internal LAN over a secured session.  Although the VPN server may also be authenticated, the focus is more on the user authentication here prior to negotiating the encrypted session.  Operates at layer 4 of OSI.

HTTPS - SSL (or TLS, the name of the standard that was based on SSL v3 and is practically identical to SSLv3 aside from its name) sessions for normal HTTP traffic used to create an encrypted session for web users.  Here the focus is for the user to be able to validate the authenticity of the server that they are providing sensitive information to, such as banking/credit card info/passwords/etc. and upon establishing that trust of the server the user may supply sensitive information across the secure encrypted session.  Operates at layer 4 of OSI.

VPN and HTTP both typically use a standard web server certificate issued from any trusted certification authority (CA).  This will assert the "Server Authentication"  enhanced key usage (EKU) and "Digital Signature" key usage (KU).

However IPSec does not use a standard SSL certificate and is often issued from an internally operated CA or a partner company's CA, although there are some commercial vendors available.  It will assert the "IP security IKE intermediate" EKU and "Digital Signature" KU.

Hopefully that does the trick for you.  The 'which came first' thing is a bit elusive.  Certificates have been around for many decades now, wiki says SSL 2.0 came out in early 1995 but that doesn't mean that the other technologies utilized it right away.

From my own recollection on usage:
HTTPS was used pretty quickly and many users knew to look for 'the gold lock' by the time windows 98 released.

IPSec was a new feature to Windows 2000.  It may have been in use in other server OS like UNIX prior to that, but that would be the major exposure to the concept.  I still don't think this one has really 'taken off' yet..

SSL VPN - VPN has been around for a number of years now and the ability to secure it is natural.  Initially this would have been done using password authentication with data passed in the clear, but security fobs started to emerge near the end of the 90's, and have grown significantly in usage every year since where now they are somewhat common at many companies.

As the technology for each came out around the same time (1995), the best I can do right now would be if I were to order them based on adoption I would say HTTPS (@1996-97), SSL VPN (@1998), IPSec (@2000).
0
 

Author Comment

by:sfda_soc
ID: 24066871
what about where to use each technology ?
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24077895
What the first thing after each listing above...
ipsec - used primarily for the encryption part of L2TP tunnels (also used somehow in IPv6)
SSL VPN - securing VPN solutions
HTTPS - primarily used for securing web pages, also occasionally for other things like securing FTP (FTPS)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now