Explain the difference of VPN vs HTTPS?

Asked by ankurDwivedi in Cyber Security, asked on Feb 7, 2022

I would like to design a client-server application where the server is placed on the Internet. I assume that I could set up the client-server connection using VPN (is it using IPSec?) or using an SSL connection (possibly https). What are the differences between VPN/IPsec and SSL/https for securing a client-server connection over the Internet?

Answered by ajith Jayaraman

For VPN vs HTTPS, both have security issues if not configured correctly. But first, let's start with some definitions. Cisco has a good definition of a VPN:

VPN can take several forms. A VPN can be between two end systems, or it can be between two or more networks. A VPN can be built using tunnels or encryption (at essentially any layer of the protocol stack), or both, or alternatively constructed using MPLS or one of the “virtual router” methods. A VPN can consist of networks connected to a service provider’s network by leased lines, Frame Relay, or ATM, or a VPN can consist of dialup subscribers connecting to centralized services or other dialup subscribers.
https://www.cisco.com/c/en_in/products/security/vpn-endpoint-security-clients/what-is-vpn.html

As for SSL:

SSL (Secure Sockets Layer), also known as TLS (Transport Layer Security), is a protocol that allows two programs to communicate with each other in a secure way. Like TCP/IP, SSL allows programs to create "sockets," endpoints for communication, and make connections between those sockets. But SSL, which is built on top of TCP, adds the additional capability of encryption.
http://www.boutell.com/newfaq/definitions/ssl.html

In relation to your question, the main difference is that SSL often makes use of the browser to encrypt data between end user and the server, and is commonly used for areas of websites that require the protection of confidentiality and integrity of the data. VPN/IPSEC requires specific VPN Client software and is generally for providing remote access to systems or networks. Also there is the option to go for L2TP or L2F instead of IPSEC.

However, SSL VPNs are becoming more prevalent as a means to provide access to networks / systems via the web browser. This approach has many benefits as it uses the common web browser to enable the secure connection. The granularity of this approach is also a good way to control access to specific applications.

As for security issues:

SSL -

Weak security cyphers could lead to the ability to conduct man-in-the-middle style attacks against the end user, resulting in a loss of confidentiality / integrity of the data.

Poorly configured mix of HTTP / HTTPS content could also lead to a loss of confidentiality / integrity of the data.

IPSEC -

Introduction of a potential DoS condition. An example of this would be http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20ee5.shtml

Loss of confidentiality issues such as a 2008 Microsoft issue which could cause systems to ignore IPsec policies and transmit network traffic in clear text. https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047
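The weak-cipher risk named in the answer above can be closed on the client side of the application the question describes. The following is an added example, not part of the original answer: it uses Python's standard `ssl` module, and the cipher policy string, the weak-token list, and the sample suite names are assumptions constructed for illustration.

```python
import ssl

# Tokens that mark an OpenSSL-style suite name as weak (assumed policy list).
WEAK_TOKENS = {"RC4", "DES", "3DES", "MD5", "NULL", "EXP", "EXPORT", "ADH", "AECDH"}


def weak_ciphers(names):
    """Return the suite names that contain a weak algorithm token."""
    flagged = []
    for name in names:
        # Split "EXP-RC4-MD5" or "TLS_AES_128_GCM_SHA256" into algorithm tokens.
        tokens = set(name.upper().replace("_", "-").split("-"))
        if tokens & WEAK_TOKENS:
            flagged.append(name)
    return flagged


def hardened_client_context():
    """Client TLS context: verified certificate, TLS 1.2 or later, AEAD suites."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Assumed policy: forward-secret AEAD suites only, weak families excluded.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def enabled_suites(ctx):
    """Names of the cipher suites the context will offer to a server."""
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed sample: a legacy suite list such as an old endpoint might accept.
LEGACY_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DES-CBC3-SHA",
    "RC4-MD5",
    "AECDH-AES128-SHA",
    "TLS_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    print("weak in legacy list:", weak_ciphers(LEGACY_SUITES))
    ctx = hardened_client_context()
    print("weak in hardened context:", weak_ciphers(enabled_suites(ctx)))
```

Passing the returned context to `ctx.wrap_socket(sock, server_hostname=...)` makes the client refuse servers that only offer older protocol versions or fail certificate validation.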


