The debate over the merits of Secure Sockets Layer (SSL) versus IPSec (Internet Protocol Security) for virtual private networks (VPNs) raged fiercely in the early days of the Internet. Each side argued the technical points with the same obsession as car enthusiasts tussling over the benefits of different brands of auto parts and manufacturers.
Much of the debate used to focus on how SSL and IPSec worked to make a connection between client machines and the VPNs. VPNs have the advantage of being cheaper than using leased line wide area networks (WANs) and allow for remote or mobile workers to access corporate networks as if they are at an office sitting in front of a computer.
In the early days of VPNs, IPSec was used to “tunnel” or make the connection between the remote client and the networks. IPSec allowed that remote client, regardless of whether it was a home personal computer or laptop, to effectively be seen by the network as just another machine with whatever privileges the network administrator wanted to give the person using that machine.
The problem in the early days was that IPSec VPN solutions needed additional hardware or software components to work. Each remote client had to be equipped with that hardware or software in order to be able to connect to the network. This meant the cost of maintaining the hardware and software, and the fact that each remote client had to be individually configured to use the IPSec solution.
SSL offered a way around this. SSL is a common protocol that is used in all of today’s Web browsers. Because it is built right into the browser, there is no need for a machine to have any special hardware or software in order to connect to a network.
However, with SSL not needing any specific hardware or software, users inevitably raised a variety of security concerns.
Andy Rolfe, principal analyst with Gartner in the UK, said IPSec had the advantage that since it needed to be configured by an administrator, that administrator could set the IPSec protocol to maintain certain security standards on the person’s machine before access was granted.
“Such as making sure my anti-virus pattern files are up-to-date,” Rolfe added. “But if I come to the network through my son’s PC at home or a PC at an Internet caf