VPN fast facts: True or false?
SSL VPNs are inherently less secure than IPSec VPNs. False. While they differ
architecturally, both VPNs can be deployed securely -- or poorly. Security
builds upon standards and products that implement them, but ultimately depends
upon appropriate deployment and sound policy definition.
SSL VPNs can be used anywhere that IPSec VPNs can be used. False. IPSec is
generally considered a better solution for site-to-site VPNs, where it better
satisfies broad application needs and performance demands. SSL is better suited
in scenarios where VPN administrators have no control over client software
installation, such as extranet collaboratives or nonwork computers (kiosks and
homes).
--------------------------------------------------------------------------------
MORE INFORMATION ON VPNs:
Join Lisa Phifer on March 30 at Noon ET for an interactive discussion on
developments in VPNs. Pre-register for this live webcast.
Visit our Featured Topic, VPNs: IPSec vs. SSL.
Browse our collection of Best Web Links on VPNs.
--------------------------------------------------------------------------------
SSL VPNs are suitable for enterprise-class deployment. True. Some SSL VPN
gateways are designed for large-scale deployment. They support high user volume,
encryption via hardware acceleration and redundancy through failover and load
balancing. Many argue that SSL VPNs are more suitable for large populations
because they reduce the cost of software distribution. To meet the needs of
different constituencies, many companies will likely end up with both.
IPSec VPNs offer more extensible infrastructure. True. IPSec was designed to
secure any IP traffic and is configurable to support any IP application. SSL was
designed to secure HTTP and has been successfully extended to secure many other
applications. However, extensibility ultimately depends on how an SSL VPN
product is designed and performs in production environments.
About the author
As owner of consulting firm Core Competence, Lisa Phifer advises companies
regarding security needs, product assessment and the use of emerging
technologies and best practices. She has been involved in the design,
implementation and evaluation of security and network management products for
more than 20 years.