While Internet Protocol security (IPsec) is a popular security mechanism for remote access to virtual private networks (VPNs), it is likely that secure sockets layer (SSL) technology will become the encryption standard of choice. This is because it offers improved flexibility, less administrative load and more options to secure a wider range of access devices.
Depending on deployment, multiprotocol label switching (MPLS) - a method of speeding up network traffic flow - provides tunnels per company. In this case SSL and IPsec add an additional layer of security.
Remote access VPNs are becoming increasingly necessary for mobile workers to reliably and securely access data on corporate networks. This is made more complex by the phenomenon of increased mobility and the proliferation of access devices, which mean that it's no longer simply PCs that are used to reach applications and information on the network.
IPsec is a framework for a set of protocols for security at the network or packet processing layer of network communication - differing from earlier security approaches, which inserted security at the application layer of the communications model.
IPsec has been especially useful for implementing VPNs and for remote user access through dial-up connection to private networks. However, it has limitations that are addressed by SSL encryption.
SSL is an increasingly common protocol for managing the security of message transmission on the Internet, and is used by some banks and other secure Web sites. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers, and is included as an integral part of popular browsers and most Web server products.
An examination of the advantages of SSL over IPsec reveals that because the former operates at the application rather than the packet processing layer, SSL offers a greater level of flexibility than IPsec. SSL can track more information about the users - such as location, type of access device and operating system. This allows enterprises to extend remote access VPNs to new areas like Internet kiosks or partner sites where the level of granularity assures that users have access to only those resources necessary to fulfil their specific tasks.
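The granularity described above can be pictured as a default-deny policy keyed on session attributes. The following is an added example, not code from the article or from any SSL VPN product; the location, device and resource names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import NamedTuple

@dataclass(frozen=True)
class Session:
    """Attributes an SSL VPN gateway can observe about a login (assumed names)."""
    user: str
    location: str     # e.g. "office", "home", "partner-site", "internet-kiosk"
    device_type: str  # e.g. "managed-laptop", "smartphone", "pda", "kiosk"
    os: str

class Rule(NamedTuple):
    name: str
    match: dict            # attribute name -> set of accepted values
    resources: frozenset   # resources granted when the rule matches

# Constructed policy. Order matters: the most restrictive contexts come first,
# so a trusted device used from an untrusted location gets the narrow grant.
RULES = [
    Rule("kiosk", {"location": {"internet-kiosk"}}, frozenset({"webmail"})),
    Rule("partner", {"location": {"partner-site"}}, frozenset({"extranet"})),
    Rule("handheld", {"device_type": {"smartphone", "pda"}},
         frozenset({"webmail", "calendar"})),
    Rule("managed", {"device_type": {"managed-laptop"},
                     "location": {"office", "home"}},
         frozenset({"webmail", "calendar", "file-share", "erp"})),
]

def allowed_resources(session):
    """Return (rule name, resources). First match wins; no match grants nothing."""
    for rule in RULES:
        if all(getattr(session, attr) in accepted
               for attr, accepted in rule.match.items()):
            return rule.name, rule.resources
    return "default-deny", frozenset()

def authorize(session, resource):
    """True only if the session's context explicitly grants the resource."""
    return resource in allowed_resources(session)[1]

if __name__ == "__main__":
    samples = [  # constructed sessions
        Session("alice", "office", "managed-laptop", "windows"),
        Session("alice", "internet-kiosk", "managed-laptop", "windows"),
        Session("bob", "home", "unknown-tablet", "other"),
    ]
    for s in samples:
        name, res = allowed_resources(s)
        print(f"{s.user}@{s.location}/{s.device_type}: {name} -> {sorted(res)}")
```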
There is also a greater level of flexibility for mobile environments, which is particularly relevant in the light of the proliferation of mobile technologies like corporate WiFi.
With many companies establishing WLAN access points outside the corporate firewall, an appropriate policy could include access via a VPN to rule out rogue access. SSL provides a more flexible and seamless VPN architecture than IPsec; wireless connectivity is intended to provide increased convenience, and by using SSL, users will not be forced to manually launch IPsec VPNs when connecting wirelessly at the office.
Furthermore, unlike IPsec, SSL does not have to be physically installed on a device - and it operates across many devices. A significant drawback to IPsec is the administrative overhead of installing software on each device that will be used for a VPN session. With SSL, this is not necessary - it is native and any standards-based browser, on a notebook, a PC, a smartphone or a PDA with a browser, is equipped with the technology.
In addition to these benefits, the increasing introduction of SSL VPNs should also deliver on one of the most pressing concerns for business - a lower cost for secure remote access. This is especially so on the operational side as the overhead of implementing software is immediately removed.
Further into the future, and as SSL VPNs become more popular, it can be expected that they will become a blade technology that can run in a networking or server chassis. This will reduce costs and help move SSL VPN equipment out of the premium-priced status in which it is presently positioned. The ubiquity and simplicity of SSL VPNs over their IPsec counterparts will eliminate many of the costs associated with help-desk support, allowing users to establish a VPN session using a standard access device - such as a PC or Windows-powered smartphone - and relying on the hardware maker's technical support to handle installation and configurations.
While IPsec is presently the dominant technology for remote access, the benefits of SSL are compelling, and many organisations are already using it as a more flexible and user-friendly method of securing their VPNs.
However, IPsec is unlikely to disappear - coexistence of the technologies is the most probable scenario for the near future. SSL is likely to increase in use alongside a 'capping' of investment in IPsec-imaged machines, with IT departments rolling out SSL on all new computers and in greenfield opportunities.
* Andy Brauer is chief technology executive for Business Connexion's Networks Competency.