revengineer Posted May 4, 2014 Share Posted May 4, 2014 Https and vpn are based on similar ssl technology and if you use vulnerable libraries you are screwed either way. Link to comment Share on other sites More sharing options...
jmwills Posted May 4, 2014 Share Posted May 4, 2014 I'll trust VPN over SSL. Link to comment Share on other sites More sharing options...
Jason Posted May 4, 2014 Share Posted May 4, 2014 With WSE12R2 I just RDP to the server using the remotewebaccess.com Remote Gateway for HTTPS encryption. Or VPN via SSTP to server and RDP using the LAN IP. I think they're both HTTPS really? Link to comment Share on other sites More sharing options...
jmwills Posted May 4, 2014 Share Posted May 4, 2014 VPN is tunneling. The entire session is encrypted and more secure than SSL (also known as TLS) Link to comment Share on other sites More sharing options...
dataoscar Posted May 4, 2014 Share Posted May 4, 2014 VPN is tunneling. The entire session is encrypted and more secure than SSL (also known as TLS) How is VPN more secure than SSL? You are overgeneralizing. Both are a set of technologies that use encryption ciphers to accomplish similar behaviors. There are VPN products that use SSL to do the tunneling. Sent from my Nexus 4 using Tapatalk Link to comment Share on other sites More sharing options...
jmwills Posted May 4, 2014 Share Posted May 4, 2014 Heartbleed Link to comment Share on other sites More sharing options...
ikon Posted May 4, 2014 Share Posted May 4, 2014 How is VPN more secure than SSL? You are overgeneralizing. Both are a set of technologies that use encryption ciphers to accomplish similar behaviors. There are VPN products that use SSL to do the tunneling. Sure they both use ciphers, but the exact ciphers they use, and how they're used, are critical factors in how secure they are. I think we can safely assume jmwills is NOT using a VPN based on SSL (let's face it, SSL-based VPN is relatively new compared to others). Link to comment Share on other sites More sharing options...
dataoscar Posted May 4, 2014 Share Posted May 4, 2014 Sorry but heartbleed was due to a bug, so rather a bad implementation of a standard. I am trying to discern between the broad statement that "vpn is more secure than ssl" . At the core of the matter, both are using encrypted tunnels. SSL is just encrypting the HTTP protocol. Link to comment Share on other sites More sharing options...
jmwills Posted May 4, 2014 Share Posted May 4, 2014 When you use https, your browser (acts as a SSL client) will only encrypt this connection to the webserver. When you use VPN, you need a special client and establish a tunnel between the client and the server. Then you can configure which traffic goes through the tunnel. This can be everything or just your http traffic. Link to comment Share on other sites More sharing options...
ikon Posted May 4, 2014 Share Posted May 4, 2014 Hmmmm, I don't think I would agree that SSL is creating a 'tunnel'. In the VPNs I've set up, there are actually 4 IP addresses used: one for the server, one for the client, and one for each end of the virtual tunnel. IOW, the tunnel is its own VLAN. AFAIK, SSL doesn't do that. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now