Are there any reasons for using SSL over IPSec?

SSL is security at the Application Layer

and IPSec is securing the Network Layer


IPsec will work with any application but requires an IPsec client to be installed on each remote device (PC, PDA, etc.) to add the encryption.


In contrast, SSL is built into every browser, so no special client software is required. However, because of its dependence on browsers, SSL normally only works with Web-based applications (e.g., not Microsoft Outlook for e-mail). There is a workaround to this that requires enterprises add a separate SSL tunnel-termination gateway box at their central sites; this box then front-ends traditional client-server applications that aren't accessible from a browser. 

Besides SSL not requiring any special client software, there's one other benefit. Most [telecommuters] with residential broadband services (e.g., DSL, cable modem) use IP VPNs based on either IPsec or SSL-encrypted tunnels to protect against eavesdropping. Some residential broadband services have started blocking IPsec traffic from home users unless that customer pays ... much more expensive business (as opposed to residential) rates. These same broadband providers can't block SSL, since everyone routinely uses SSL to access their bank accounts or to make credit card purchases from e-commerce Web sites. Thus, SSL (compared to IPsec) is immune to attempts by residential broadband service providers to force [telecommuters] (or their employers) to pay more for the same service.


Finally, some NAT (network address translation) routers don't work well with IPsec traffic, whereas SSL passes through NAT routers just fine. 


I would say SSL and IPSec are complementary and effectively secure network traffic when used together

All comments are reviewed by the administrator, before they are published.

Post a Comment (0)
Previous Post Next Post