Our post last week, The Technology behind Telecommuting, discussed the technology that enables employees to connect with their office remotely. It’s relatively easy to control security within the physical walls of your company, but providing secure remote access to internal resources is more difficult. We have previously discussed the use of Internet Protocol Security (IPSec) or Secure Sockets Layer (SSL) to protect the virtual private network (VPN) from non-employee internet users, but what is the difference between IPSec and SSL?
What is IPSec?
IPSec is a standard suite of protocols designed to secure network communication through cryptography. Its primary goals are data confidentiality, data integrity, and host authentication, which it achieves through tunneling, encryption, and authentication. IPSec establishes a “tunnel” over the internet to connect employees who are outside of a corporate firewall or gateway to internal corporate resources.
Advantages of IPSec
When properly configured, IPSec VPNs permit highly secure site-to-site connectivity. IPSec is also capable of providing security and communication with a variety of different networks from around the world, making it very versatile. Additionally, since IPSec operates at the network layer, it provides remote users with virtually full access to corporate network resources, making it ideal for telecommuters and workers in branch offices.
Disadvantages of IPSec
IPSec may require large amounts of processing power on VPN endpoints in order to encrypt, decrypt, and authenticate traffic. The vast configuration options of IPSec make it very flexible, but that also makes it very complex. A single error in configuration could compromise the security of the VPN, leaving it vulnerable. Additionally, IPSec can become quite costly because it requires that corporations provide each employee with a home machine that has the appropriate client software installed in order for the user to access the corporate network.
What is SSL?
SSL is a protocol used to secure web-based communications over the internet at the application layer, using encryption and authentication to keep communications between two devices, typically a web server and a user machine, private. Similar to IPSec, SSL also provides flexibility in allowing companies to define the level of security that best meets their needs. Unlike IPSec, SSL does not need specialized software on the end user’s computer.
Advantages of SSL
The major advantage of SSL is that it provides a secure and flexible way for employees to connect from any computer with a web browser and an internet connection to an internal network. Additionally, since no special client software licenses or other expensive hardware are needed, SSL allows for a cheaper deployment in comparison to IPSec. SSL also provides finely detailed client access policies based on user identity and profile, allowing administrators to be very specific when defining the corporate VPN.
Disadvantages of SSL
There can be additional security risks involved with the use of SSL since many employees use public or home computers to remotely log into the internal network. Personal computers may not have adequate anti-virus software and can therefore spread viruses to the larger network. Additionally, under extremely high loads, the corporate VPN gateway may become overtaxed, resulting in diminished performance.
While both methods are effective, there are a variety of factors your business should take into consideration when looking to deploy a remote access VPN. Application and end user accessibility, ease of use for non-technical workers, encryption and authentication security, deployment and management complexity, scalability and performance, and total costs should all be taken into account. However, the two major factors to consider are who the remote users are and what they need to access. Once you have assessed your company’s requirements and resources, you can make an educated decision on which method meets your needs.
Blog Author: Vanessa Hartung