IPSec or SSL? What type of VPN tunnel to use

Today it seems trivial, but establishing a connection between two offices was not always such a simple process.

IPSec or SSL? This is what we are going to talk about in this text.

First, it was necessary to install specialized links over the long distance between two units. Without a doubt, dedicated links are not cheap at all. Then, there was a configuration phase, which also required the team's time. Team time also implies costs.

Subsequently, the Internet became a popular and cheaper way to share information. Why should companies invest in dedicated links, increase the budget and add to the IT workload, when Internet-based connections now provide a basic infrastructure to connect private addresses?

With a Virtual Private Network (VPN) it is possible to create tunnels that use the public network to connect different organizational units, share information or connect remote employees to corporate platforms.

This is the default model currently used to share information and create connections for remote access.

What is a tunnel?

VPNs are built on the concept of the tunnel.

VPN tunnels establish connections for packet traffic. These packets are formatted to match the type of protocol in use. That is, a packet that leaves "network A" is encapsulated in a format specific to the transmission protocol, crosses the tunnel between the networks and, when it reaches its destination, "network B", is decapsulated.

If the Internet is thought of as the basic infrastructure for transmission, packets are usually encapsulated using one of two types of protocol.
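The encapsulation and decapsulation steps described above, as an added example that is not part of the original article. It assumes constructed addresses and keys, uses a SHA-256 keystream as a stand-in for a real cipher, and simplifies the packet layout, so it is not the actual IPSec wire format:

```python
import hashlib, hmac, ipaddress, struct

def ipv4_packet(src, dst, payload, proto=17):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def addresses(packet):
    """(source, destination) as seen by anyone reading the IPv4 header."""
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))

def _xor_keystream(data, key, nonce):
    # Illustration-only stand-in for the tunnel's negotiated cipher (assumption).
    blocks = (hashlib.sha256(key + nonce + struct.pack("!I", i)).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def encapsulate(inner, gw_src, gw_dst, enc_key, auth_key, seq):
    """Gateway of network A: hide the whole inner packet, add an integrity tag,
    and wrap it in an outer header addressed gateway-to-gateway."""
    nonce = struct.pack("!Q", seq)
    body = nonce + _xor_keystream(inner, enc_key, nonce)
    tag = hmac.new(auth_key, body, hashlib.sha256).digest()
    # 50 is the IP protocol number assigned to ESP; the body here is simplified.
    return ipv4_packet(gw_src, gw_dst, body + tag, proto=50)

def decapsulate(outer, enc_key, auth_key):
    """Gateway of network B: verify the tag first, then recover the inner packet."""
    body, tag = outer[20:-32], outer[-32:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: packet dropped")
    return _xor_keystream(body[8:], enc_key, body[:8])

if __name__ == "__main__":
    # Constructed sample: private hosts behind two gateways (documentation ranges).
    enc_key, auth_key = b"constructed-enc-key", b"constructed-auth-key"
    inner = ipv4_packet("10.1.0.5", "10.2.0.9", b"payroll query")
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.1", enc_key, auth_key, 1)
    print("on the Internet:", addresses(outer))
    print("after decapsulation:", addresses(decapsulate(outer, enc_key, auth_key)))
```

On the public network only the gateway addresses are readable; the private addresses and the payload reappear only after the receiving gateway has verified and unwrapped the packet.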

IPSec or SSL?

The two most common VPN implementation models act on different layers of the OSI model. Internet Protocol Security (IPSec) works at the network layer, while Secure Sockets Layer (SSL) operates at the application layer.

The IPSec implementation was designed to provide permanent point-to-point connections, linking private networks to devices outside the perimeter of the company; for example, branch offices.

In that case, packet transmission follows a standard specification within the TCP/IP header, so it is commonly supported by manufacturers and operating systems.

The implementation of SSL has been improved in the face of mobility challenges. Unlike IPSec, SSL VPN does not provide access to the private network. The remote user using this type of tunnel can access specific perimeter resources in a controlled manner. The table below compares the two implementations.

| IPSec | SSL |
| --- | --- |
| Works at the network layer | Works at the application layer |
| Peer-to-peer access | Remote access |
| Enduring connection between local networks: excellent for connecting offices | Granular connection to resources: optimal for connecting remote workers |
| Independent of the application adopted | Works in accordance with the protocols adopted by the application |
| Access through the software | Access to the web portal |
| – | Limitations for access privilege |
| Allows any IP-based application | Allows web-based and client/server applications |

What VPN should I use?

There is no set parameter for implementing your VPN. The most important thing is to understand what your team really needs, and then adopt the model indicated by the experts.

In fact, both types can be used at the same time, because they serve different objectives.

For example, if you need to maintain permanent local access (branches), the IPSec implementation is the best option. However, to achieve more access control per application, it is better to adopt the SSL implementation, which is also more suitable for access by remote users (an employee at an external meeting, for example).

But stay alert:

There are free VPN options, but they carry many threats, especially in the corporate environment. With data protection regulations such as GDPR, each company must ensure appropriate technologies to protect confidential information.

What are the challenges of VPN networks?

By adopting a VPN connection, your company will provide remote access or transfer corporate information using a network that is not managed by your team. Although this format reduces costs, the information may be subject to interception attempts in transit.

That is why it is vital to verify how your VPN implementation will provide security in the tunnels. Blockbit UTM takes this security to the tunnel through the adoption of encryption in IPSec and SSL implementations. You may want to access a demo to learn more about the solution.

When properly implemented, technology drives the security and integrity of information and private platforms.

Post Author: Abrakham