VPN fast facts: True or false?

SSL VPNs are inherently less secure than IPSec VPNs. False. While they differ architecturally, both VPNs can be deployed securely -- or poorly. Security builds upon standards and products that implement them, but ultimately depends upon appropriate deployment and sound policy definition.

SSL VPNs can be used anywhere that IPSec VPNs can be used. False. IPSec is generally considered a better solution for site-to-site VPNs, where it better satisfies broad application needs and performance demands. SSL is better suited in scenarios where VPN administrators have no control over client software installation, such as extranet collaboratives or nonwork computers (kiosks and homes).

MORE INFORMATION ON VPNs:
  • Join Lisa Phifer on March 30 at Noon ET for an interactive discussion on developments in VPNs.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

SSL VPNs are suitable for enterprise-class deployment. True. Some SSL VPN gateways are designed for large-scale deployment. They support high user volume, encryption via hardware acceleration and redundancy through failover and load balancing. Many argue that SSL VPNs are more suitable for large populations because they reduce the cost of software distribution. To meet the needs of different constituencies, many companies will likely end up with both.

IPSec VPNs offer more extensible infrastructure. True. IPSec was designed to secure any IP traffic and is configurable to support any IP application. SSL was designed to secure HTTP and has been successfully extended to secure many other applications. However, extensibility ultimately depends on how an SSL VPN product is designed and performs in production environments.

About the author
As owner of consulting firm Core Competence, Lisa Phifer advises companies regarding security needs, product assessment and the use of emerging technologies and best practices. She has been involved in the design, implementation and evaluation of security and network management products for more than 20 years.


This was first published in March 2004

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top