FOR - Gary Tomlinson, Chief architect, Aventail
Demand for remote access has expanded beyond site-to-site into areas IPsec is ill-suited to handle. This world of anywhere access is where SSL VPNs thrive. Unlike IPsec, which is open or permit by default, SSL has a closed security model and is deny by default. With an SSL VPN, a secure communication link is made independent of the IP network layer directly between the end-point device and the VPN server, with access granted to a specific, named resource. Today's SSL VPN solutions no longer take a back seat to IPsec either in terms of application reach or performance, enabling access to all applications via web-based or client-based access methods. What's more, SSL VPNs are easier to deploy, do not require a client, can be accessed via the web and provide strong granular access control and end-point security.
Remote access is no longer about network-to-network connections – it's about connecting users to application resources, no matter where that user is, how they are connecting to the internet, or what type of device is being used.
AGAINST - Nick Lowe, Regional director, Check Point
IPsec is mature, but that's not to say it's had its day. Customers need the opportunity to choose the encryption technology that best meets their needs, whether it is SSL or IPsec. With maturity comes an increasing amount of interoperability between vendors, something that is particularly true for site-to-site VPNs using IPsec. With the use of IPsec clients, users can add increased control of the remote access point, typically a laptop, home desktop or PDA. If a user can control the personal security policy on the remote device, the organisation can increase protection of its assets.
Typically with IPsec clients, a user can make additional security checks, such as making sure the correct version of the antivirus software is running. IPsec clients also support the full range of TCP/IP apps. This is increasingly important as remote users access peer-to-peer, multimedia or VoIP apps. IPsec enables a business to choose a mature technology that can be part of its overall security strategy for managing access to remote sites.
Has IPsec had its day? Far from it.