With the development of enterprise informatization and the arrival of the Web 2.0 era, the traditional way of working in an office no longer meets the demands of the times, and mobile and SOHO working have gradually become mainstream. Compared with the traditional office, they bring more flexible working hours and locations, which is a great help in getting timely access to the latest and most valuable information. In this information era, whoever controls information first wins in the end, so Telnet and remote access have become a necessity of modern working life.

With remote login, network security problems become more and more obvious. Opening up remote login may pose a great threat to an enterprise's network security and could result in the loss of confidential information, in which case remote login is not worth the cost. The virtual private network (VPN) was created to secure remote login; it improves the security of the whole network and lays a safe foundation for obtaining more valuable information.

Virtual Private Network VPN

VPN stands for "virtual private network". It is defined as a temporary, secure connection established through a public network (usually the Internet): a secure, stable tunnel through a chaotic public network. A VPN helps remote users, branch offices, partners and distributors establish trusted, secure links to the internal network and ensures safe data transmission. This both increases the amount of up-to-date information available and ensures timely communication; most importantly, it makes the whole "internal" environment safer and more reliable.

However, as users' requirements for network security and other features grew, VPN technology also needed to be updated, so IPSec VPN and SSL VPN appeared in succession, providing stronger security guarantees for virtual private networks.


Put simply, an IPSec VPN is a VPN technology that uses the IPSec protocol to implement remote login. IPSec is the security standard developed by the IETF (Internet Engineering Task Force). It is a widely used, open VPN security protocol that protects all data at the network layer and provides transparent secure communication. Note that because IPSec works at the network layer, it cannot traverse ordinary NAT devices and firewalls.

Put simply, an SSL VPN is a newer VPN technology that uses the SSL protocol to implement remote login. SSL (Secure Sockets Layer) is Netscape's secure protocol for web applications; it provides server authentication, client authentication, and integrity and confidentiality for data on the SSL link. Notably, SSL is built into browsers such as IE, so an SSL VPN that uses SSL for authentication and data encryption needs no client installation, which simplifies things on the client side.

The difference between IPSec VPN and SSL VPN

1. Authentication: IPSec uses Internet Key Exchange (IKE) and authenticates with digital certificates or a set of keys, while SSL uses only digital certificates; if both authenticate with digital certificates, their authentication security is almost the same. In terms of user control, with IPSec mobile users connect explicitly through a receiving device, while with SSL users can connect from uncontrolled devices.

2. Secure channel: both IPSec and SSL use standard cryptographic algorithms, symmetric and asymmetric, to do their encryption. The two therefore differ little in the secure channel itself; the difference lies only in how it is applied.

3. Exposure to attack: with an IPSec connection, every application system reachable on the intranet may be monitored by an attacker looking for an opening. With an SSL connection, the application system is opened directly and there is no network-layer link, so it is hard for an attacker to monitor and the opportunity for attack is very small.

4. Viruses: with an IPSec connection, once the client is infected, the virus is likely to spread to every computer connected to the internal network. With an SSL connection, by contrast, the infection is limited to the one host, and the virus must target the same type of application system; otherwise this host will not be infected.

Advantages of SSL VPN over IPSec VPN

1. SSL VPN is simple to use: it needs no configuration and can be installed and put into service quickly. Its clients need no complex installation because the SSL protocol is built into the browser. Compatibility is also better: unlike an IPSec VPN, which needs different client software for different operating systems, SSL has no such trouble.

2. SSL VPN is more secure than IPSec VPN. The SSL secure channel is a point-to-point connection, so the data is opaque whether it is on the LAN or the external network. As described above, SSL is not easily attacked by hackers and the likelihood of virus infection is also very low; even if an infection occurs, it affects only a single host and not the entire network.

3. SSL VPN scales better. Deploying IPSec security gateways requires taking the network topology into account, and once new devices are added and the network structure changes, redeployment is required. An SSL VPN can be deployed at any node in the intranet, so it can be added as needed without changing the network structure.

4. SSL VPN keeps data more secure. Because an IPSec VPN works at the network layer, once traffic is past the IPSec VPN gateway the internal network is unprotected and internal data can be lost. An SSL VPN focuses on protecting specific sensitive data and grants different user names different access rights, which is both safe and allows data access to be tracked in real time.

5. SSL VPN is more economical. With an IPSec VPN, adding access for a branch means adding a hardware device, which is hard for small and medium-sized enterprises to afford. An SSL VPN needs only one hardware device from start to finish, so more remote access can be added and the investment is more cost-effective.
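The contrast drawn in point 4 above and in the attack and virus points of the comparison can be made concrete with a simplified model, added here as an example that is not part of the original article. It compares a network-layer tunnel check (any address inside the permitted subnet passes) with an application-layer gateway check (only applications published to that user name pass); the user names, addresses, subnet selector and policy are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the article).
INTERNAL_SERVICES = {
    "mail":    ("10.0.1.10", 443),
    "crm":     ("10.0.1.20", 443),
    "files":   ("10.0.2.30", 445),
    "payroll": ("10.0.3.40", 1433),
}

# Network-layer tunnel: one subnet-wide traffic selector per remote user.
IPSEC_SELECTORS = {"alice": "10.0.0.0/16", "bob": "10.0.0.0/16"}

# Application-layer gateway: applications published per user name.
SSL_VPN_POLICY = {"alice": {"mail", "crm"}, "bob": {"mail"}}


def ipsec_allows(user, dst_ip, dst_port):
    """Tunnel check: any address inside the selector passes, on any port."""
    selector = IPSEC_SELECTORS.get(user)
    if selector is None:
        return False
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(selector)


def ssl_vpn_allows(user, dst_ip, dst_port):
    """Gateway check: the destination must be an application published to this user."""
    for app in SSL_VPN_POLICY.get(user, set()):
        if INTERNAL_SERVICES.get(app) == (dst_ip, dst_port):
            return True
    return False


def reachable(check, user):
    """Services that a session (or malware on that client) can reach under `check`."""
    return sorted(name for name, (ip, port) in INTERNAL_SERVICES.items()
                  if check(user, ip, port))


if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        print(user, "ipsec:", reachable(ipsec_allows, user),
              "ssl-vpn:", reachable(ssl_vpn_allows, user))
```

For the same user, the tunnel check exposes every listed service while the gateway check exposes only what was published to that name, which is the exposure difference the article attributes to the two designs.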

Advantages of IPSec VPN over SSL VPN

1. IPSec VPN has wider application. An SSL VPN is limited to applications used through a web browser and does not readily cover non-web application access such as file sharing, scheduled file backup and automatic file transfer. This limits the sharing of network resources, whereas IPSec can reach enterprise resources without web access.

2. IPSec VPN is the ideal network-layer solution. Because IPSec provides connectivity at the network layer, any LAN application can be accessed through the IPSec tunnel; this is the ideal arrangement and is very useful for managing network access rights.

3. IPSec VPN is suited to private networks: because it gives complete network-layer connectivity, IPSec is the best choice for a secure connection to a private network.

Summary: IPSec VPN and SSL VPN should be complementary

As the introduction above shows, IPSec VPN and SSL VPN each have advantages, and each has obvious shortcomings. Although SSL VPN was introduced after IPSec, it is not meant to replace IPSec VPN; the two are complementary. Only by combining them can a more secure virtual private network be provided. In future, businesses will choose between SSL and IPSec for different remote networks, and that is the future of the VPN.

