Re: IPsec and TLS

From: phongsak (prasiths_at_yahoo.com)
Date: 06/07/03


Date: 6 Jun 2003 23:09:10 -0700

By using IPsec, you need no change to existing applications. However,
when using Tunnel mode, I heard people saying that in the real world,
the VPN gateway doesn't scale very well when it serves a lot of
clients. When it is in transport mode, all cryptographic burdens are
put on end devices. This is not suitable for resource-limited
devices such as PDAs or smart phones. That is maybe a reason why
there is no IPSec software for wireless PDAs. Thus, using the PDAs to
access an enterprise network is too risky. Is there any solution to
this problem? So... I think more people tend to use TLS more than
IPSec. Any comment would be very welcome.

Cheers,
Phongsak

"Neil Daswani" <daswani@cs.stanford.edu> wrote in message news:<bbqj55$iu6$1@news.Stanford.EDU>...
> The advantage of using IPsec (security at layer 3) is existing applications
> that use TCP/IP can be given some level of security with few (or no) changes
> to them. IPsec can be used to provide just authenticated, MAC'ed (integrity
> checked) data with AH (authenticated header), or can be used to provide
> encryption as well with ESP (encapsulating security payload).
>
> The advantage of using SSL/TLS (security at layer 4) is that the security
> achieved is end-to-end-- only the applications at the end-points of the
> connection can see decrypted data. SSL/TLS connections provide (by default)
> authentication, data integrity, and encryption. However, you will have to
> modify the applications to use SSL/TLS instead of regular socket
> connections.
>
> Sincerely,
>
> Neil Daswani
> http://www.learnsecurity.com/introccs/
>
>
>
> "Pliskin" <freebsd101@hotmail.com> wrote in message
> news:bbbr2j$30l$1@ftp.curtin.edu.au...
> > Hi all,
> >
> > Currently, I am reading something about IPsec and TLS and I know that the
> > layers at which IPsec and TLS offer security are different. IPsec works
> > between TCP and IP while TLS works between Application and TCP.
> >
> > So, may I ask if there are any advantages if I add security at a higher
> > layer and any advantage if I add it at a lower layer?
> >
> > Besides, in terms of security level, which one is better? IPsec or TLS?
> >
> > Thanks a lot.
> >
> > --
> > =Pliskin=
