	Login \| Contribute \| Search \| Careers \| Contacts
	Language

News

Partners

Support

VPN SSL vs IPSec

IPSec VPN Client

Support

VPN Client Support VPN Client FAQs VPN Gateway Guides Auth. Server Guides VPN Documentation Supported USB Tokens Supported 3G Modems Supported languages Feature request

About the VPN Client

Datasheet VPN SSL vs IPSec VPN USB Features USB Stick vs Token VPN IPSec & WiFi

Home > Products > VPN Client > SSL vs IPSec

SSL versus IPSec

Secure Sockets Layer (SSL) for remote access is based on a simple concept: use the encryption and authentication capabilities built into every Web browser to provide secure remote access to corporate applications.

An irony of SSL VPNs is that their greatest asset-browser-based access is also their most problematic feature. The freedom and mobility of the browser means that your users can run applications and access network resources from just about anywhere a partner site, an airport kiosk, an Internet cafe, even a friend's house. While that freedom may boost productivity, it also exposes your network to an unlimited number of computers whose security state is unknown and unknowable. Your network may experience increased risk from viruses, Trojans, and other malicious code, such as keystroke loggers.

Browser-based access has other complications as well. Default user authentication is limited to a username and password, which is notoriously insecure.

Let's suppose that the IPSec VPN Client stays light, that it is possible to download it with prearranged network configuration, that it is possible to make the user interface invisible and that the user just needs to insert its USB Stick (USB Flash Drive) with certificates inside to automatically launch connections (i.e. tunnels) then IPSec technology only differentiate itself by a stronger level of security.

Please have an overview on both side issues and how TheGreenBow brings together strengths of both worlds in its software:

	Pros	Cons	TheGreenBow IPSec VPN
SSL	Ubiquity of web browsers enables nearly universal access Allow granular access control to applications Easy access to Web-enabled applications Lower ownership costs than IPSec Easier scalability than IPSec	Users may come in from unknow untrusted machines Tokens or digital certificates required for authentication stronger than user name/password Sensitive information may be left on public terminals Demands some amount of integration for legacy applications	See extremely easy to use and on-demand strategy
IPSec	Client software provides strong device authentication Remote machines easly augmented with AV & policy enforcement software Network layer connection provides complete application access	Ties user to a single machine Requires deployment and configuration to every user you want to give remote access Support services may be costly Firewalls and NAT may interfere with access	See how to untie users by using USB Token or smart card See "on demand" capabilities and features Go to Download page and see extremely easy to use software NAT supported
SSL vs IPSec, Source: SSL VPN Basics By Andrew Conry-Murray, Network Magazine.