SSL is a protocol suite enabling in transit security through data encryption, server authentication, and message integrity at four Open Systems Interconnection (OSI) reference model layers. For Internet communications, SSL is normally utilized in conjunction with an entity’s public key infrastructure. Commonly, when the trans-border privacy breach risk is low, the Hyper Text Transfer Protocol Security service is employed with SSL encryption to protect sensitive web packets. Beneficially, where SSL is integrated for required privacy related communication, applications no longer need to implement secure connectivity. Nevertheless, security managers should not interpret SSL deployment as the ‘bullet-proof’ technology that completely defers application communication privacy issues. Specifically, SSL should initiate deployment caution when utilized for mutual application authentication, since there are two different session keys seeking connectivity authorization during bidirectional interfaces. Consequently, each key should be verified before transmitting legally protected data.
Alternatively, IPSec is a protocol suite that enables security at five OSI reference model layers during internetworking communications. The IPSec model is an architecture composed of standard rules for protecting Internet Protocol traffic. These standard rules can be incorporated into transport and tunnel mode encapsulation. Tunnel mode provides two additional header records for sending messages, thus requiring more processing. Neither the application nor the stacking protocol needs to be cryptographically aware, since all designated traffic is encrypted regardless of origin within the entity’s information security perimeter. Possible IPSec issues are network device computational and/or bandwidth overhead.
“View Part I of the Trans-border Communication Protection series here“