In analyzing these differences, Table 3: Comparing Technological and Operational benefits of IPv6-based SSL and IPv4-based IPSec VPNS, was created. Starting first with the client access options, IPv6-based SSL can support a clientless interface through its browser at longer address lengths, support for semi-clientless through Java and ActiveX clients developed in AJAX, and also in a full client configuration. This flexibility in use of the IPv6-based SSL protocol is leading to significantly higher levels of adoption overall. IPv4-based IPSec has a single client access option that needs to be pre-installed on every system. Requiring a full client software application translates into higher levels of it maintenance, yet at the same time greater flexibility in creating highly customized security parameters.
Another significant technological difference between IPv6 and IPv4', specifically from an it standpoint, is the client-side security integration possible using IPv4 versus IPv6. The fact that IPv6 can specifically integrate with a variety of web-based applications and provide security and authentication through the use of digital certificates has lead to its adoption throughout many areas it wasn't initially designed for. In effect the breadths of integration options for IPv6-based SSL VPNs are creating entirely new classes of users. Another factor that leads it departments to favor IPv6-based SSL over IPv4-based IPSec is the support for auto-updates through configuration, and the fact there is very little it support required to keep a secured IPv6-based SSL-based network up and running from the client side. Conversely, there is often a significant level of it administration and support required for IPSec-based configurations.
Table 3: Comparing Technological and Operational benefits of SSL and IPSec VPNS
Technological Benefit
Category
IPv6-based SSL VPNs
IPv4-based IPSec VPNs
Client Access Options
Three options:
Clientless (browser)
Semi-clientless (auto downloadable Java or ActiveX agent)
Full Client (statically installed)
One option: full client (statically installed) for network-level connection
Access Control
Very granular - per use and per application
Very little granularity - typically permit or deny
Client-side security
Tight integration with a wide variety of client types
Tight integration with only PCs
Operational Benefit
Installation
Often doesn't require installation
Requires installation on every client machine
Client configuration
Native abilities to auto-update
Requires third-party software to facilitate auto-updates
Evaluating the differences between IPv4 and IPv6 it's valuable to consider the various user segments and their uses of these protocols for their specific needs and requirements. The needs of those employees who are traveling the majority of time, often working with customers and in sales and sales support roles are often called road warriors, and have significantly different needs than it administrators and field engineers. Table 4: Comparing the Use of IPv4 versus IPv6 VPNs by Type of User, presents an analysis of the needs of road warriors, channel partners and executives, in addition to field engineers and it administrators regarding their application requirements including typical applications used, remote access frequency, and selection of IPv4 versus IPv6.
Power users are those types of users who require VPNs over 70% of the time to do their jobs.
Table 4: Comparing the Use of IPv6 versus IPv4 VPNs by Type of User
Type of User Power User? (meaning using VPNs 70% or more of the time on their jobs) Typical Applications Relative number of employees Remote access frequency IPv4 or IPv6 Comments Road Warriors
E-mail and front-office suites including CRM and ERP applications including order management
Many
Very Often (over 80% of the time)
IPv6
SSL used extensively in this area as it negates firewall traversal; works will from locations that may block IPSec sessions and queries from clients (hotels, convention centers)
Partners
Extranet portals; ERP and supply chain applications; pricing and order status access
Many
IPv6; previous generation applications support IPv4 through legacy applications
IPSec legacy systems required partners to get login and password; administratively difficult to complete; SSL easier to administer; strong integration with portals
Executives
E-mail and front office suites of applications; multimedia
Very Few
IPv6
Ease of configuration and use; SSL typically has a less intrusive interface.
Table 4: Comparing the Use of IPv6 versus IPv4 VPNs by Type of User (continued)
Type of User Power User? (meaning using VPNs 70% or more of the time on their jobs) Typical Applications Relative number of employees Remote access frequency IPv4 or IPv6 Comments Field engineers
CAD/CAM and engineering applications; inventory and ERP queries only sporadically
Few
Not Often
IPv4 (IPv6 becoming more used in this are)
Bandwidth-intensive applications work best in Level 3 operation (OSI Model).
IPSec also is backward compatible with many other legacy field applications
IT Administrators
Diagnostic and monitoring through the use of VPNS; Extensive use of Telnet sessions to administer systems remotely; database access and queries
Very Few
Not Often
IPv4 (IPv6 is slowly making inroads into this area)
IPv4 running the IPSec VPN protocol is favored by this class of user due to the integration and extension to LANs and more network administration applications;
IPv6 running SSL is optimum for configuring it management portals
Another useful analytical approach to evaluating the differences...
For financial services firms for example, including the Royal Bank of Canada, the use of account validation for their commercial accounts. Financial Services are one of the key industries that continue using a combined approach to security over VPNs selectively using IPv4 and IPv6 depending on the specific business process requirement. Financial Services is also another industry that is taking a hybrid-based approach to managing security across their VPNs. In the case of Deloitte, the extensive use of IPv6 for managing commercial transactions is commonplace. This consulting firm relies on the use of IPv6-based SSL VPN sessions for enabling their consultants and partners who spend the majority of their time traveling, and working on clients' sites. In the public sector there is the critical need for ensuring a high level of confidentiality and security in posting and managing tickets, letters of compliance, and the tracking of enforcement strategies. Industries that require a hybrid approach to managing security include healthcare, where HIPAA reporting requirements make it critical to have IPv4 running IPSec-based VPN sessions, while outbound sales and service personnel need the convenience and security of IPv6 over SSL.
Financial Services Business Services Public Sector Healthcare Retail and Wholesaler Manufacturing Company
Royal Bank of Canada
Deloitte
Arizona Game and Fish
Virtua Health
VF Corporation
Large U.S. auto manufacturer
Business Drivers
Remote Access to non-staff agents
Accommodate flexible work assignments
Cost savings in reducing number of allocated laptops
Remote access from client locations
Enhancing filed agent productivity by providing cost-effective remote access over broadband and dial-up.
Access to non-Web-based terminal applications
Providing Web-based e-mail for all employees, including those without laptops
Extranet for suppliers, vendors, and partners
Technology Requirements
Endpoint security
Application-level firewalling with predefined rules
Integrates with IPv4for account validation)
Firewall friendly
Strong client options
Managed Service
Integrates with IPv4 for transactions)
Easy set-up and configuration
Broad app support using clientless Web browsers
Uploads of tickets and materials via IPv4)
Terminal or "green screen" compatibility
Policy for HIPAA compliance
HIPAA compliance uploaded via IPv4)
Detailed configuration options
Strong Lotus Notes compatibility
Internet Information Server-compatible deployment
Pricing is updated via IPv4)
Managed service
Scalable for future expansion
Extensive use of IPv4for pricing; financial reporting across divisions)
Deployment Size
100 to 1,000
20,000 to 25,000 users
200 growing to 500 in 2005
8,500 growing to 10,000
500 growing to 10,000
100 growing to 5,000
Application usage
Moderate; mostly e-mail, Web portal, and terminal services apps
Moderate; mostly e-mail and client/server
Moderate; mostly terminals services, e-mail, file access, and UNIX emulation
Complex; e-mail; client-server; and legacy mainframe applications
Moderate; mostly e-mail and client/server
Moderate variety of clientless applications through the extranet
Table 5: Industry-Specific Implementations of IPv4-based IPSec and IPv6-based SSL VPNs
Summary
Beginning with an analysis of the configuration, scalability and performance aspects of IPv4 versus IPv6-based SSL vs. IPv4-based IPSec protocol over networks and VPNs, and progressing into an analysis of how these functional differences are defining the use of these two respective protocols is the foundation of this paper. By far the greatest influence on both protocols today is the requirement of compliance to Sarbanes-Oxley, HIPAA and additional governance, risk and compliance reporting and auditing requirements. As more and more publicly traded organizations rely on networks as the foundation of their transactions, including the development of entirely new approaches to collaborating with employees, trading partners and suppliers, the IPv6 protocol will become more pervasive. The support of wireless communication by this standard will also accelerate its adoption over time. Clientless access, remote access orientation and the IPv6 transport security configuration options have also been explored. IPv4-based IPSec VPNs are the dominant approach it departments have taken in the past, yet the configuration and security options available in IPv6-based SSL VPNs are quickly gaining ground. While there are many areas in network configurations and topologies where the advantages of IPv6 can be seen, VPNs are experiencing the most rapid growth.
references/ssl.html.
IPSec VPNs: Conformance & Performance Testing. 12 Jan. 2003. White Papers Ixia. 11 Apr. 2007. Accessed from the Internet on May 28, 2008 from location: http://www.ixiacom.com/library/white_papers/display?skey=ipsec
Lehtovirta, J (2006). Transition from IPv4 to IPv6. White Paper, 1, Retrieved June 3, 2008, at http://www.tascomm.fi/~jlv/ngtrans/
Kent, S. Security Architecture for the Security Protocol (2007). Network Working Group. Nov. 1998. Javvin Network Managing & Security. 05 Apr. 2007. Accessed from the Internet on June 4, 2008 from location:
http://www.javvin.com/protocol/rfc2401.pdf
http://www.aicpa.org/info/sarbanes_oxley_summary.htm
http://www.securitytechnet.com/resource/rsc-center/vendor-wp/openreach/IPSec_vs_SSL.pdf
http://www.opus1.com/o/index.html
This is however, not considered foolproof. It is possible to break the security by a person having adequate technical expertise and access to the network at hardware level. In view of this the SSL method with right configuration is considered perfectly sufficient for all commercial purposes.5In order to safeguard the data while in transit it is customary to adopt a practical SSL protocol covering all network services that use
References www.questiaschool.com/PM.qst?a=o&d=113454035 Cole, C., Ray, K., & Zanetis, J. (2004). Videoconferencing for K-12 Classrooms: A Program Development Guide. Eugene, or: International Society for Technology in Education. Retrieved November 26, 2008, from Questia database: http://www.questia.com/PM.qst?a=o&d=113454035 FAQs about Internet2. Retrieved November 26, 2008, at http://www.internet2.edu/about/faq.html www.questiaschool.com/PM.qst?a=o&d=106217067 Goodman, P.S. (Ed.). (2002). Technology Enhanced Learning: Opportunities for Change. Mahwah, NJ: Lawrence Erlbaum Associates. Retrieved November 26, 2008, from Questia database: http://www.questia.com/PM.qst?a=o&d=106217070 Hanss T. Internet2: Building and Deploying Advanced,