
Information Security
- FeatureChoosing between an SSL/TLS VPN vs. IPsec VPN
- FeatureCase study: SSL VPN enables secure remote email access
- FeatureHistory of IPSec, SSL VPN products: How will the market change?
- TipVPN fast facts: True or false?
- FeatureBeyond network perimeter defense: A 'submarine warfare' strategy
- FeatureWeb services security best practices: Presentation and application architectures
- ColumnExamining device-based authentication
- OpinionExamining identification friend or foe technology
- OpinionMarcus Ranum's top free network security tools
- OpinionShowing executives the importance of information security
- FeatureWorking with Linux: Disable service to improve network security

iSTOCK/GETTY IMAGES
VPN fast facts: True or false?
Lisa Phifer separates the truth from fiction about VPNs.
SSL VPNs are inherently less secure than IPSec VPNs.
False. While they differ architecturally, both VPNs can be deployed securely -- or poorly. Security builds upon standards and products that implement them, but ultimately depends upon appropriate deployment and sound policy definition.
Also see
Read Lisa Phifer's cover story: Tunnel vision: Choosing a VPN -- SSL VPNs vs. IPSec VPNs
SSL VPNs can be used anywhere that IPSec VPNs can be used.
False. IPSec is generally considered a better solution for site-to-site VPNs, where it better satisfies broad application needs and performance demands. SSL is better suited in scenarios where VPN administrators have no control over client software installation, such as extranet collaboratives or nonwork computers (kiosks and homes).
SSL VPNs are suitable for enterprise-class deployment.
True. Some SSL VPN gateways are designed for large-scale deployment. They support high user volume, encryption via hardware acceleration and redundancy through failover and load balancing. Many argue that SSL VPNs are more suitable for large populations because they reduce the cost of software distribution. To meet the needs of different constituencies, many companies will likely end up with both.
IPSec VPNs offer more extensible infrastructure.
True. IPSec was designed to secure any IP traffic and is configurable to support any IP application. SSL was designed to secure HTTP and has been successfully extended to secure many other applications. However, extensibility ultimately depends on how an SSL VPN product is designed and performs in production environments.
About the author:
As owner of consulting firm Core Competence, Lisa Phifer advises companies regarding security needs, product assessment and the use of emerging technologies and best practices. She has been involved in the design, implementation and evaluation of security and network management products for more than 20 years.
Start the conversation
0 comments