IPSec versus SSL: Which VPN Protocol is Better for You
Not too many years ago, if a remote office needed to connect to the corporate network at the head office, dedicated leased lines had to be installed between the offices. Although the connections provided by these leased lines were adequately secure and fast, the costs were enormous.
Furthermore, installing dedicated dial-in remote access servers (RAS) was the only means for companies to ensure that mobile users were accommodated. A RAS consisted of one or several modems reached over a phone line, which allowed mobile users to connect to the network. However, the connection was excruciatingly slow, to the degree that it impeded productivity.
Once the Internet came into the picture, everything changed. Existing network connections and a global web of interconnected computers meant that companies no longer had to spend massive amounts of money and manpower on the installation of dial-in modem banks and dedicated leased lines. All they had to do was connect to the Internet.
However, new challenges emerged. To begin with, companies had to find a way of limiting the people who get access to certain information. Opening up the entire corporate network to the public was unacceptable because unauthorized users could easily access crucial information about the company. For that reason, companies spent huge sums of money developing firewalls and other network security tools to ensure that no unauthorized people accessed the company’s internal network.
The Rise of VPNs
The question emerged: how do you reconcile wanting remote offices to connect to the corporate network with the need to block the general public from accessing your company’s internal network? By setting up a Virtual Private Network (VPN). A VPN creates a virtual tunnel connecting two computers. The data traveling through the VPN tunnel is encrypted so that even if another user intercepts the traffic, they cannot decipher the communication.
Setting up a corporate VPN enabled companies to provide remote employees and offices across the globe with a means of accessing the company’s internal network while keeping out everyone else. All this without the enormous budget and administrative headache associated with setting up a traditional leased line WAN (wide area network). As a result, productivity increased tremendously. Most crucially, when implemented correctly, all this is achieved without sacrificing the integrity or the security of the company’s network and data.
Traditional IPSec VPNs
To create a virtual tunnel between two endpoints, traditional VPNs relied on technology referred to as IPSec (Internet Protocol Security), which operates at the Network Layer of the OSI Model. It encrypts data transmitted between two endpoints without being tied to any given application. Therefore, when a client computer is connected to an IPSec VPN, it is “virtually” a full member of the entire corporate network, meaning it can carry out the functions it would have at the physical location.
Most IPSec VPN solutions need third-party software and/or hardware. A device or workstation is required to have an IPSec client software app set up to connect to an IPSec VPN. This is both an advantage and a disadvantage.
The advantage is additional security: to connect to the company’s IPSec VPN, the client computer needs to run the correct VPN client and also needs that client to be properly configured. These additional steps make it virtually impossible for an unauthorized user to connect to the corporate network.
On the downside, though, it can be extremely costly to maintain the client software licenses and quite an arduous task for the company’s IT team to set up and configure the software on every remote computer, especially in cases where they can’t be on site to configure the software in person.
Resolving the above problem is generally pointed out as one of the main advantages of VPN solutions that employ SSL (Secure Sockets Layer) technology. This common protocol is built into every major web browser. As a result, nearly every computer worldwide has the capability to connect to an SSL VPN.
Another advantage of SSL VPNs is that they enable the company to exercise more control over the connection. To begin with, instead of tunneling traffic for the entire corporate LAN, SSL VPNs provide encrypted tunnels for specific applications. As a result, remote users are given access only to the specific applications that are tied to their tasks and not the company’s entire network.
Second, SSL VPNs make it easier for companies to provide varying levels of access to different users and to exercise a high level of control over what a user can access on the network.
That said, SSL VPNs have their disadvantages. One, the fact that remote users can access company applications only through web browsers means that the VPN is limited to web-based applications. Even though other applications can be web-enabled so that they are accessible through the SSL VPN, this step makes the solution more complicated and therefore cancels some of its advantages.
Two, when access is limited to web-based SSL applications, it means that remote users are denied access to important network resources such as centralized storage and printers. Therefore, they cannot use the VPN for file backups and file sharing.
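The contrast between the two access models described above can be made concrete with a small policy model. This is an added example, not part of the original article: the addresses, service names, roles and the `PORTAL_POLICY` mapping are constructed for illustration, and the network-tunnel model follows the article's description of an IPSec client as a full member of the LAN.

```python
import ipaddress

# Constructed sample data: corporate LAN, internal services, per-role portal policy.
CORPORATE_LAN = ipaddress.ip_network("10.20.0.0/24")
SERVICES = {
    "webmail":   ("10.20.0.10", 443),
    "crm":       ("10.20.0.11", 443),
    "payroll":   ("10.20.0.12", 443),
    "fileshare": ("10.20.0.20", 445),
    "printer":   ("10.20.0.30", 9100),
}
# SSL VPN portal: each role is published only the web apps tied to its tasks.
PORTAL_POLICY = {
    "sales": {"webmail", "crm"},
    "hr":    {"webmail", "payroll"},
}

def network_tunnel_allows(dest_ip, port):
    """Network-layer model: any host and port inside the LAN is reachable."""
    return ipaddress.ip_address(dest_ip) in CORPORATE_LAN

def portal_allows(role, dest_ip, port):
    """Application-layer model: only apps published to the role are reachable."""
    published = PORTAL_POLICY.get(role, set())
    return any(SERVICES[name] == (dest_ip, port) for name in published)

def reachable_services(role):
    """List the services one remote user can reach under each model."""
    tunnel = sorted(n for n, (ip, p) in SERVICES.items()
                    if network_tunnel_allows(ip, p))
    portal = sorted(n for n, (ip, p) in SERVICES.items()
                    if portal_allows(role, ip, p))
    return {"network_tunnel": tunnel, "ssl_portal": portal}

if __name__ == "__main__":
    for role in PORTAL_POLICY:
        print(role, reachable_services(role))
```

The output shows both sides of the trade-off: the portal model exposes only two applications per role, but the file share and printer are unreachable through it.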
SSL VPNs are becoming increasingly popular and prevalent, but that is not to say that they are the ideal VPN solution for every case. Similarly, IPSec VPNs are not the most suitable for all situations. For this reason, VPN providers are working on ways of improving SSL VPN technology, so it’s a solution worth keeping an eye on.
Meanwhile, before adopting either IPSec or SSL VPN solutions, it is imperative that you carry out a careful audit of your company’s needs as well as those of its remote users and weigh them against the advantages and disadvantages of both solutions to determine the most suitable one for your company.