IPSec or SSL? What type of VPN tunnel to use

Today it seems trivial, but establishing a connection between two offices used to be not so simple process.

First, it was necessary to install dedicated long distance links between two units. Undoubtedly, dedicated links are expensive. Then, there was a setup phase, which also demanded team time. Team time also means costs.

Later, the internet became a popular, cheaper solution to share information. Why should companies invest in dedicated links, increasing budget and occupying the IT workload, if web-based connections have now provided a basis infrastructure to connect private addresses?

With Virtual Private Network (VPN) it is then possible to create tunnels that use the public network either to connect different organizational units, to share information, or to connect employees in remote activities to corporate platforms.

This is the default model currently used to share information and create connections for remote access.

What is tunneling?

VPN networks are based on the concept of tunneling.

VPN tunnels establish connections for packet traffic. These packages have specific formats to match the type of protocol in use. That is, a packet leaving a “network A” is encapsulated in a format adhering to the transmission protocol, crosses the tunnel between networks and at the end is decapsulated upon reaching the final destination, “network B”.

Considering the internet as the basic infrastructure for transmission, packets are often encapsulated by two types of protocol.

IPSec or SSL?

The two most common VPN deployment models act on different layers of the OSI architecture. Internet Protocol Security (IPSec) operates at the network layer, while Secure Sockets Layer (SSL) operates at the application layer.

The IPSec implementation was designed to provide permanent peer-to-peer connections, linking private networks to devices outside the enterprise perimeter; for example, office branches.

In that case, packet transmission follows a standard specification within the TCP/IP header, so it is common to find it in manufacturers and operating systems.

The SSL implementation has been developed in the face of mobility challenges. Unlike IPSec, SSL VPN does not provide access to the private network. The remote user who uses this type of tunnel has controlled access to specific perimeter resources.

The table below compares the two implementations.

Which VPN should I use?

There is no right or wrong when choosing your VPN implementation. The most important thing is to understand what your team really needs and then to adopt the model most indicated by the experts.

In fact, the two types can be used simultaneously, because they serve different goals.

For example, if you need to maintain permanent local access (branch offices), the IPSec implementation is best suited. However, to gain more access control per application, it is best to adopt the SSL implementation, which is also best suited for remote user access (employees in an external meeting, for example).

But stay alert:

There are free VPN options, but their risks are huge, especially for corporate use. With the data protection laws, every company must ensure adequate technologies to protect sensitive information.

What are the challenges of VPN networks?

By adopting a VPN connection, your company will be promoting remote access or transferring corporate information using a network that is not managed by your team. Although this format lowers costs, information may be subject to interception attempts in transport.

That’s why it’s crucial to ensure how the implementation of your VPN provides security in the tunnels. Blockbit Platform takes this security into the tunnel by adopting encryption in both IPSec and SSL implementations. You might want to access a demo to learn more about the solution.

When correctly deployed, the technology promotes security and integrity of information and private platforms.