IPSec vs. SSL VPNs for Secure Remote Access

IPSEC and SSL:

Changing work styles, new computing and communication devices, and the ever-increasing expectations of today's end users are driving the demand for expanded remote access. Many companies today support full-time remote workers, or "day extenders," who supplement office hours by working from a home PC. Business partners work from their offices behind their own firewalls, and remote users want clientless, broadband, and Wi-Fi access from anywhere their travel takes them. They all expect easy, secure access to the network resources they need, from anywhere, at any time, using any device and with ipsec and ssl this is a reality.

And, today, a greater number of users need access to corporate resources from environments that IT organizations can't possibly control such as home PCs or airport kiosks. Many users are also taking advantage of wireless technology, both through the increasing number of public Wi-Fi hotspots and through company-sanctioned wireless local area networks (LANs) as well as access points that they've set up on corporate networks. In addition, many companies extend their networks not only to mobile employees, but also to trading partners, consultants, and customers around the globe. These new and varied access situations bring security concerns to the forefront.

ipsec and ssl Solutions:

There are economic factors to consider, too. As companies continue to look for ways to save money, many see advantages in using new technologies such as Voice over Internet Protocol (VoIP) to streamline costs. The rapid expansion and increased availability of broadband access also means that most users are now accessing the corporate network over the Internet from fast broadband connections with near local response times.

At one time, traditional Internet Protocol Security (IPSec) and virtual private networks (VPNs) were the only options for secure remote access. However, because IPSec solutions were designed for site-to-site connectivity and not with a highly mobile workforce in mind, these solutions provided limited remote access and often proved both difficult and costly to maintain. In response to increasing user demands for remote access, a new kind of VPN emerged, SSL VPNs. These new VPNs, based on the Secure Sockets Layer (SSL) protocol that safeguards the world of e-commerce, quickly became the leading option for remote access.

Comparing ipsec and ssl:

And increasingly, SSL VPNs are replacing IPSec VPNs for remote access as they offer everywhere access with complete control and security. In addition, recent advances in SSL VPN technology offer many benefits for both users and companies. When compared to IPSec VPNs, SSL VPNs are less costly to manage, eliminate security risks of open-by-default tunnels, and offer a simpler, easier experience for employees and business partners who need access to a wide range of applications and resources from remote locations.

This paper provides an overview of the differences between SSL and IPSec, and explains why SSL VPNs are ultimately a better choice for secure remote access.

Traditional IPSec VPNs: Designed for site-to-site connectivity
VPNs, initially based on the IPSec protocol and offered by network equipment companies, were originally developed for site-to-site communications between branch offices. These site-to-site VPNs were an economical way to extend the corporate network to remote offices over the public Internet, avoiding the high cost of private wide area network (WAN) connections.

The resulting secure connection between trusted private networks offered access similar to that of the corporate network. As companies broadened their use of VPNs to meet other remote access needs, proprietary extensions had to be added to the IPSec standard, or to vendor implementations of the protocol, to address the complexity of adding individual end users to the remote access equation.