.NET Security: IPSec vs. SSL

Abstract

This paper presents the results of work by the author on application and comparative performance of IP Security (IPSec) and Secure Socket Layer (SSL) protocols in a Microsoft .NET 3-tier client-server network. To evaluate the performance of each security protocol, the author created a typical 3-tier client-server e-commerce model in which data communication passed through three distinct pathways: (1) channel between client and Web server over Internet, (2) channel between the Web server and application server, (3) channel between the application server and database server. The primary focus in this paper remains on the third channel where IPSec and SSL were used to connect the application server to the database server. A preliminary analysis of the collected data sheds light on performance of IPSec and SSL in Microsoft .NET environment. It also suggests that in pathways where SSL and IPSec could be used interchangeably, the selection of the most suitable security protocol ought to be dynamic.