VPN choice not clear-cut
Luis Toledo, a computer scientist at the Securities and Exchange Commission, thinks the IPSec VPN with its client-side software is on its way out.
SSL VPNs, which leverage security features already present in Web browsers, eliminate much of the work of administering a VPN. This makes them less expensive and less labor-intensive.
'I don't need a client-side anymore,' Toledo said.
Timothy M. Clark, director of federal programs for SSL VPN vendor F5 Networks Inc. of Seattle, agrees.
'We have yet to find something that IPSec can accommodate that we can't,' he said.
But he acknowledged that 'there are some agencies like intel who don't think SSL is secure enough.'
Although SSL is the security protocol commonly used for most Web-based commercial transactions, IPSec provides security services at the IP layer. SSL secures sessions, and IPSec secures IP connections.
Bill Jensen, marketing manager for Check Point Software Technologies Ltd. of Redwood City, Calif., is more reserved in his claims for his company's SSL VPN.
'Like any other product in the government market, it is going to depend on what the protection profile is,' he said.
For 80 percent of users, SSL will be adequate, he said. The remaining 20 percent will be better served with IPSec.
'It's not a question of either-or, it's a question of what do I use here, what do I use there,' he said.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.