Nutter helps a user differentiate between IPSec- and SSL-based VPNsManagement is finally listening to my concerns about securing any external access to the network. They understand that some additional software may be necessary on remote PCs accessing our network and that some training may be needed by remote users as well as the staff administering the VPN system. In doing research on the best system to purchase for our needs, I have seen two - one that mentions the use of\u00a0 IPSec and the other, an\u00a0 SSL-based VPN. Which is best?VPN. This can use up to Triple-DES encryption to secure the communications from the remote users to your network. This requires that software be installed on remote users\u2019 machines. This can add additional steps users must take before gaining access to your network. Examine different vendors\u2019 solutions in this area and you should be able to find one that will allow you to send a CD or floppy with a scripted install that would require little to no input from the user during the installation process.- Via the InternetThe IPSec-based VPN is what you might think of as the "conventional"-type\u00a0When implementing this type of solution, you may want to think about mandating some type of software policy for remote users that requires you be notified of software before it is installed on machines or that your department does the installation. While this may seem like unnecessary overhead, it can help you catch a problem before it becomes an issue. I have seen situations where seemingly "innocent" software, such as some of the game simulation packages or drivers for some multifunction printers (i.e. printer\/copier\/scanner), has caused the VPN software to stop working.The other VPN solution using SSL doesn\u2019t require any software installation on remote PCs. Since this option uses a Web browser and an SSL connection to establish the connection, you will need to look at what resources users need to access to know if this will work. Since you won\u2019t be able to map any drives directly (unless the SSL VPN vendor has included additional functionality in its product), you\u2019ll be limited to whatever Web-based applications your company is currently using. This type of remote access can be cheaper to implement and\/or operate than its IPSec counterpart but with tradeoffs that may limit how well it can address your remote access needs.