Monday, March 14, 2011

A comparison between SSL VPN and IPSec VPN



To understand exactly how SSL VPN and IPSec VPN relate to and differ from each other, first review the traditional IPSec VPN scheme.

IPSec stands for "Internet Protocol Security" in English and is called "Internet Security Protocol" in Chinese. It is the basic VPN security protocol for data encryption, and it provides security at the network layer for data transmitted over a public network such as the Internet.

To communicate over an IPSec channel, the two parties must first establish a communication link in some way. Because the IPSec protocol supports several modes of operation, the communicating parties must first agree on the security policy and mode they will use, including the encryption algorithm and the type of identity authentication method. Once the IPSec channel is established, all protocols above the network layer are encrypted between the two parties, such as TCP, UDP, SNMP, HTTP, POP, AIM and KaZaa, regardless of what security and encryption those protocols use themselves.

1. The main disadvantages of IPSec

(1) High security, but low communication performance

Because the IPSec security protocol works at the network layer, not only is all network access encrypted, but the user also gains access to all company resources, just as if connected to the company network directly over a physical line. You may not want your partners or remote employees to become part of your network. IPSec does not encrypt only the small part of the communication that concerns you; it encrypts all channels.
So IPSec is better than SSL VPN in terms of security, but overall communication performance suffers because of that security. Security has nevertheless always been valued above performance, which is one of the reasons IPSec VPN is still the mainstream at present.

(2) Client software is required

IPSec VPN requires special-purpose client software to be installed on every client, and this software replaces or extends the TCP/IP stack of the client system. On many systems this may create a risk of compatibility problems with other system software, as well as security risks such as trojans, especially when the client software is obtained from a website and is not installed by dedicated IT staff. There is still no consensus standard that solves IPSec compatibility: almost all IPSec client software is proprietary and is not compatible with other products.

In some cases the IPSec security protocol is implemented in network hardware. Most such solutions require both communicating parties to use the same hardware, so IPSec in hardware has the same compatibility problems.

In addition, the use of IPSec client software on laptop or desktop systems is restricted. This restriction limits users' flexibility: a remote user on a system without the IPSec client loaded cannot establish a VPN connection to the network.

(3) Installation and maintenance difficulties

The IPSec security protocol requires a lot of IT technical support, both in operation and in long-term maintenance. Large enterprises usually have a few staff dedicated to providing employees with remote access over IPSec VPN.

(4) Few systems are fully supported in practice

Although many operating systems under development propose support for the IPSec protocol, in practice client computers that use IPSec usually run only Windows-based systems. Few run other PC platforms such as Mac, Linux or Solaris.

2. Why use SSL VPN rather than IPSec?

Although at present not all users, nor even most, communicate through an SSL VPN proxy, the number of SSL VPN users is increasing, and some of them previously used IPSec VPN. The main reasons are the following:

(1) No client software or hardware is required

One of the key advantages of the SSL proxy approach is that no additional software has to be set up on the client. The corresponding software and hardware only need to be installed on the server, which then publishes them to the client. An SSL proxy can be used with any Web browser or e-mail client that supports the SSL standard.

(2) Easy to use, easy-to-support Web interface

Many Web browsers and e-mail clients on the market today support SSL, on Windows, Macintosh, UNIX/Linux and PDAs, and even cellular phones can communicate over the SSL protocol. Because people are already very familiar with these tools, training costs can be greatly reduced.

(3) End-to-end vs. edge security

A major advantage of the IPSec security protocol is that a channel only has to be established between the client and the edge of the network resources. It protects only the connection from the client to the edge of the company network; all data running inside the internal network is transparent, including any passwords and sensitive data in transit. An SSL secure channel is established between the client and the resource being accessed, ensuring true end-to-end security, whether the data travels on the internal network or on the Internet. Every operation a client performs on a resource requires identity authentication and encryption. The channel security of these two kinds of VPN is illustrated in Figure 1.
Figure 1

(4) More than 90% of communication is based on Web and e-mail

Nearly 90% of enterprise use of intranet and external-network VPN connections is for Internet access and e-mail communication. The other 10% of users use X11, chat protocols and other private client applications, which belong to Internet applications.

| Options | SSL VPN | IPSec VPN |
|---|---|---|
| Identity authentication | One-way identity authentication; two-way identity authentication; digital certificates | Two-way identity authentication; digital certificates |
| Encryption | Strong encryption; based on the Web browser | Strong encryption; depends on the implementation |
| Overall security | End-to-end security; encrypted all the way from the client to the resource | Network edge to the client; only the channel between the client and the VPN gateway is encrypted |
| Accessibility | Access at any time, from any location | Limited to well-defined, controlled user access |
| Cost | Low (no additional client software) | High (client software has to be managed) |
| Installation | Plug and play; no additional client software or hardware to install | Usually requires lengthy configuration; needs client software or hardware |
| Ease of use | Very user friendly; uses the familiar Web browser; no end-user training needed | Difficult for users without the relevant technical background; training needed |
| Supported applications | Web-based applications; file sharing; e-mail | All services based on the IP protocol |
| Users | Customers, partner users, remote users, suppliers, etc. | More suitable for use inside the enterprise |
| Scalability | Easy to configure and expand | Easy to expand freely on the server side; more difficult on the client side |
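The difference in access scope described in 1 (1), in 2 (3) and in the "Supported applications" row can be checked against flow records. This is an added example, not code from the original article: the log format, the 10.0.0.0/16 address plan, the role names and the published-application list are all constructed assumptions.

```python
import ipaddress

# Constructed sample: flow records as a VPN gateway might log them.
SAMPLE_LOG = """\
role=partner dst=10.0.5.10 proto=tcp dport=443
role=partner dst=10.0.9.30 proto=udp dport=161
role=partner dst=10.0.7.40 proto=tcp dport=445
role=employee dst=10.0.7.40 proto=tcp dport=445
role=employee dst=192.0.2.8 proto=tcp dport=80
"""

# Assumed IPSec-style policy: one traffic selector for the whole corporate range.
IPSEC_SELECTOR = ipaddress.ip_network("10.0.0.0/16")

# Assumed SSL-VPN-style policy: applications published per user role.
PUBLISHED = {
    "partner": {("10.0.5.10", "tcp", 443)},
    "employee": {("10.0.5.10", "tcp", 443), ("10.0.7.40", "tcp", 445)},
}

def parse(line):
    """Turn 'key=value ...' into a dict with a numeric port."""
    rec = dict(item.split("=", 1) for item in line.split())
    rec["dport"] = int(rec["dport"])
    return rec

def ipsec_carries(rec):
    # Network-layer decision: only the destination address matters.
    return ipaddress.ip_address(rec["dst"]) in IPSEC_SELECTOR

def sslvpn_permits(rec):
    # Application-layer decision: role, host, protocol and port must all match.
    key = (rec["dst"], rec["proto"], rec["dport"])
    return key in PUBLISHED.get(rec["role"], set())

def excess_access(log_text):
    """Flows the subnet-wide tunnel carries that per-application publishing refuses."""
    recs = [parse(line) for line in log_text.splitlines() if line.strip()]
    return [r for r in recs if ipsec_carries(r) and not sslvpn_permits(r)]

if __name__ == "__main__":
    for r in excess_access(SAMPLE_LOG):
        print("tunnel-only access:", r["role"], r["dst"], r["proto"], r["dport"])
```

The two partner flows to SNMP and SMB are reachable only because the tunnel selector covers the whole subnet; the flow to 192.0.2.8 falls outside both policies.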
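The opening section says both parties must agree on encryption algorithm, authentication method and mode before an IPSec channel exists. The sketch below is an added example, not from the original article: a simplified model of IKE-style proposal selection, showing why a client whose offers do not meet the gateway policy gets no channel at all. The policy values, the integrity field and the client offers are constructed assumptions.

```python
from typing import NamedTuple, Optional

class Proposal(NamedTuple):
    encryption: str   # e.g. "aes256", "3des"
    integrity: str    # e.g. "sha256", "md5" (field assumed for this model)
    auth: str         # "certificate" or "psk"
    mode: str         # "tunnel" or "transport"

# Responder (gateway) policy, constructed for this example.
GATEWAY_POLICY = {
    "encryption": {"aes256", "aes128"},
    "integrity": {"sha256", "sha1"},
    "auth": {"certificate"},
    "mode": {"tunnel"},
}

# Initiator offers in preference order (constructed).
MODERN_CLIENT = [
    Proposal("aes256", "sha256", "certificate", "tunnel"),
    Proposal("3des", "md5", "psk", "tunnel"),
]
LEGACY_CLIENT = [
    Proposal("3des", "md5", "psk", "tunnel"),
    Proposal("aes128", "sha1", "psk", "tunnel"),
]

def mismatches(p: Proposal, policy: dict) -> list:
    """Fields of a proposal that the policy rejects, for troubleshooting."""
    return [f for f, allowed in policy.items() if getattr(p, f) not in allowed]

def negotiate(offers: list, policy: dict) -> Optional[Proposal]:
    """Return the first offered proposal the policy accepts.

    None models the NO_PROPOSAL_CHOSEN outcome: no channel is established,
    so the responder's policy is a floor the initiator cannot lower.
    """
    for p in offers:
        if not mismatches(p, policy):
            return p
    return None

if __name__ == "__main__":
    print("modern:", negotiate(MODERN_CLIENT, GATEWAY_POLICY))
    print("legacy:", negotiate(LEGACY_CLIENT, GATEWAY_POLICY))
    for p in LEGACY_CLIENT:
        print("  rejected on", mismatches(p, GATEWAY_POLICY))
```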





Published by xFruits
Original source : http://www.free-fresh-fast-vpn.info.tm/?p=812...
