• United States

Which VPN?

Mar 30, 20042 mins
MPLSNetwork SecuritySecurity

* When you should use IPSec, SSL and MPLS

A few years ago, there was little question as to whether IPSec, the IETF’s standard encryption and authentication protocol suite, would revolutionize telecommunications security woes. 

While IPSec remains an integral part of most companies’ immediate and long-range plans, enterprises now face decisions about whether they want to use an encrypted VPN – and, if so, when to use IPSec and when to use Secure Sockets Layer (SSL) to do the job.

This decision process is becoming key in two particular network segments: the remote-access network and the core LAN-WAN infrastructure. You can read about the various associated deployment considerations in a pair of separate white papers by NetScreen and Cisco now available at the Webtorials Web site (see “Related Editorial Links” for URLs to each).

NetScreen’s heritage has been specifically in solving network security problems, though this will evolve due to its recent acquisition by Juniper Networks.  In its paper, NetScreen addresses the SSL vs. IPSec question for teleworkers.  In a nutshell, NetScreen recommends using IPSec for those in remote/branch offices with stationary connections to the corporate intranet.  The company recommends SSL – a “clientless” option embedded in most Web browsers – when teleworkers are mobile employees or partners potentially accessing the network from an untrusted network infrastructure. 

The Cisco paper adds another dimension to the discussion by contrasting IPSec VPNs with Multi-protocol Label Switching (MPLS)-based VPNs.  Cisco portrays both as secure infrastructure choices.  However, there are trade-offs.  In particular, IPSec excels in the security-via-encryption category, making it especially appropriate for transport over untrusted network infrastructures, while MPLS excels in traffic engineering and quality-of-service capabilities, according to Cisco. 

Obviously, the nuances of these decisions stretch beyond what we can discuss in this newsletter.  If you want to dig deeper, we recommend taking a look at these papers.  They are quite objective, since the companies that prepared them readily support both the solutions they discuss.