Posted on April 14, 2012 by admin Last updated on: April 14, 2012
With the evolution of the networking technologies, networks were expanded in both private and public aspects. These public and private networks communicate with different types of networks belonging to different sectors such as businesses, government agencies, individuals etc. These communication links are not always in a single network, there can be multiple public and private networks. Due to this, the security of transferred data is playing a major role in network communication. Nowadays, office virtualization is a rapidly spreading technology, in which employees can work physically in different geographical regions. In such technologies, employees can access their company private network through public networks such as internet. So that, Network Security is a major aspect for any organization, Enterprise and institutions in order to protect assets and integrity.
IPSec (Internet Protocol Security) is a protocol designed to ensure the security of data sent through a network. This protocol is commonly used to implement Virtual Private Networks (VPNs). The security is implemented based on authentication and encryption of IP packets at Network layer. IPsec basically supports two encryption methods, Transport mode and Tunnel mode:
Transport Mode : Only Encrypt Payload of IP Packet and no encryption for Header portion.
Tunnel Mode: Encrypts both Payload and Header.
For a successful communication initialization, IPSec uses mutual authentication (2 Way) protocols to establish the communication and to keep the communication continue, it shares a public key between sending and receiving devices. This function is performed by the protocol known as Association and Key Management Protocol which uses digital certificates to authenticate receiver with the sender.
SSL VPN (Secure Sockets Layer Virtual Private Networks) provides standard web browser based VPN solution in Transport Layer. Sockets are used to transfer data between sender and receiver. There are two types of SSL VPNs.
SSL Portal VPN: This method provides secure access to multiple services using a single standard SSL connection to the relevant web site. Client can access the SSL VPN gateway using any standard web browser, and the client has to provide necessary credentials as required by the SSL VPN Gateway, to authenticate.
SSL Tunnel VPN: This method enables web browser to access multiple network services. Especially this method supports a variety of application and protocols which may not be web-based. To enable SSL Tunnel VPN, the web browser must be capable to handle active contents.
SSL communication uses two keys to encrypt data, a public key, which is shared to everyone, and a private key for the receiving party only.
What is the difference between IPSec VPN and SSL VPN?
• Generally, IPSec requires installing IPSec 3rd party client Application/ Hardware in client PC, and the user has to start the application to start the secure connection. This can impact an organization financially, as they have to buy licenses for these VPN clients. But for SSL VPN, it is not necessary to install separate application. Almost all the modern standard web browsers can use SSL Connections.
• In IPSec communication, once client is authenticated to the VPN he has the full access of the private network, which may not be necessary, but in SSL VPNs, it provides more precious access control; at the beginning of the SSL authentication, it creates tunnels to specific applications using sockets rather than to the whole network. Also, this enables to provide role based access (different access rights for different users).
• One Disadvantage of SSL VPN is that, we can use mainly web based applications using SSL VPN. For some other applications, though it is possible to use by web-enabling it adds some complexity for the application.
• Due to providing access only for Web-Enabled Applications, SSL VPN is difficult to use with applications like file sharing and printing, but IPSec VPNs provide highly reliable printing and file sharing facilities.
• SSL VPNs are becoming more popular due to ease of use and reliability but, as we mentioned above, it is not reliable with all the applications. Therefore, selection of the VPN (SSL or IPSec) totally depends on the application and requirements.