Problem solve Get help with specific problems with your technologies, process and projects.

SSL vs. IPsec for encryption and authentication of data

I am debating whether to use SSL or IPsec on my network and Web server for the encryption and authentication of data. Can you help me?

Your use, either for customer or internal employees, should pretty much drive your decision. If using Web pages for customer use, then SSL will work the best because it's so dynamic. IPsec will work well for internal employees, or if the same people always return to your site. Your decision should be based on the use (client or company) and how dynamic you want to make it.

With the new advances in certificate management by Cisco and other vendors, the use of IPsec has become easier. Several methods are now available that enable easier certificate management for IPsec, but be forewarned, certificate management and obtaining certificates are not cheap and sometime involve extra man-hours in the beginning.

As well with everything automated by computers, you will need someone who is knowledgeable and knows how to use certificates and the many support devices it will entail.

SSL on the other hand remains the easier choice, but still requires someone on staff with the knowledge and experience.

For more information on this topic, visit these other SearchSecurity.com resources:
  • Article: The pros and cons of securing Web services with SSL
  • Ask the Expert: Learning the difference between PGP and SSL
  • Ask the Expert: Encryption 101: Triple DES explained
  • This was last published in September 2004

    Dig Deeper on IPv6 security and network protocols security

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.