Analysis of Different network security protocols

Source: Internet
Author: User

For network security, this is a more complex structure and engineering. Many factors can affect our network environment. In the network, we define various network security protocols for effective protection. Next we will compare and analyze different protocols.

SSL and IPSec

(1) SSL protects the security of data transmitted on the transport layer. In addition, IPSec also protects the security of data packets on the IP layer, such as UDP packets.

(2) for an in-use system, SSL does not need to change the protocol stack but the application layer, but IPSec does.

(3) SSL can be one-way authentication (only for servers), but IPSec requires both parties to authenticate. When an application layer intermediate node is involved, IPSec can only provide link protection, while SSL provides end-to-end protection.

(4) IPSec is seriously affected by NAT, but SSL can pass through NAT without any impact.

(5) IPSec is an end-to-end handshake with low overhead. SSL/TLS shakes hands over each communication, causing high overhead.

SSL and SET

(1) SET is only applicable to credit card payment, while SSL is a connection-oriented network security protocol. SET allows non-real-time packet exchange between Parties. SET packets can be transmitted on the bank intranet or other networks, while the Card Payment System on SSL can only be bundled with the Web browser.

(2) SSL only occupies part of the E-commerce system (transmission part), while SET is at the application layer. Other layers on the network are also involved, which standardizes the entire business activity process.

(3) SET is far more secure than SSL. SET completely ensures the confidentiality, authentication and deletion, integrity, and non-repudiation of information transmitted over the Internet. SSL also provides information confidentiality, integrity, and a certain degree of identity authentication, but SSL cannot provide a complete anti-denial function. Therefore, from the perspective of online security payment, SET is more targeted and safer than SSL.

(4) the transaction process of the SET protocol is complex and huge, Which is slower than the SSL processing speed. Therefore, the server load in the SET is heavier, while the system load of the SSL-based online payment is much lighter.

(5) SET is more expensive than SSL and has software requirements for all parties involved. Currently, it is rarely used for online payment, so SET is rarely used. SSL has a high penetration rate because of its wide scope of use, low cost and convenient implementation. However, with the increasing demand for the security of web-based transaction 2, SET will certainly be the future direction of development.

SSL and S/MIME

S/MIME is the encrypted network security protocol used by the application layer to protect E-mail, while SMTP/SSL is not very effective in protecting E-mail, SMTP/SSL only provides the security of SMTP links, while the path from the mail server to the local server uses the POP/MAN protocol, which cannot be protected by SMTP/SSL. On the contrary, S/MIME encrypts the content of the entire email and sends it with MIME-based instruction. This sending method can be any one. It removes the restriction of the secure link. Only two terminals that send and receive emails support S/MIME.

SSL and SHTTP

Shui is an application-layer encryption protocol that can perceive the structure of application-layer data and use messages as objects for signature or encrypted transmission. Unlike SSL, messages are processed as streams. SSL actively processes data streams by frame. Therefore, SHTTP can provide proof of message-based anti-denial, whereas SSL cannot. Therefore, SHTTP is more flexible and more functional than SSL, but it is more difficult to implement and use, because it is more common to use SSL-based HTTPS than SHTTP.

Each network security protocol has its own advantages and disadvantages. in actual application, you should select an appropriate protocol based on different situations and pay attention to enhancing intercommunication and complementarity between protocols to further improve network security. In addition, although the current network security protocol has implemented Security Services, no matter which security protocol is established, the security system cannot resist all attacks, and the new achievements of the password technology should be fully utilized, based on the analysis of existing security protocols, we constantly explore the application modes and fields of security protocols.
 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.