MultiNet Security Options Comparison - SSH, IPSEC, and Kerberos
WHEN TO USE SSH
SSH provides secure communication for transmitting data through an unsecured network such as the Internet. Even though Virtual Private Networks (VPNs) using IPSEC provide the same basic function (secure communication between a remote office or telecommuter and Corporate Headquarters), there are some instances where SSH would be a better choice than IPSEC or Kerberos.
For example, if you have very specific point-to-point secure communication requirements, then SSH would be the better solution. SSH client/server models can easily encrypt data from one point to another. SSH can encrypt any application for the duration of a session, provided the application has a known port. Applications that meet these criteria include e-mail, database connections, and printing symbionts. The advantage of encrypting selected applications is that it avoids the unnecessary network overhead of encrypting all applications, as is done with VPNs using IPSEC.
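The per-application encryption described above, sketched as an added example (not MultiNet's own configuration syntax): it assumes an OpenSSH client, and every host name, user name and port number in it is a constructed placeholder.

```sshconfig
# ~/.ssh/config on the remote-office or telecommuter machine (OpenSSH client assumed).
# Host names, user name and ports are constructed placeholders.
Host hq-tunnel
    HostName gateway.example.com
    User remoteuser

    # Exit at start-up if any forward cannot be bound, rather than
    # running a session with a forward silently missing.
    ExitOnForwardFailure yes

    # Keep forwarded ports on loopback so other hosts on the local
    # network cannot use the tunnel.
    GatewayPorts no

    # E-mail: local 127.0.0.1:1143 -> IMAP on the internal mail server
    LocalForward 127.0.0.1:1143 mail.internal.example:143

    # Database: local 127.0.0.1:15432 -> internal database listener
    LocalForward 127.0.0.1:15432 db.internal.example:5432

    # Printing: local 127.0.0.1:1515 -> LPD on the internal print server
    LocalForward 127.0.0.1:1515 print.internal.example:515
```

Running `ssh -N hq-tunnel` opens the session, and each application is then pointed at its 127.0.0.1 port instead of the remote server. Only the leg between the client and the SSH server is encrypted; the hop from the SSH server to each internal service is not.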
WHEN TO USE IPSEC
WHEN TO USE KERBEROS
Kerberos uses dedicated authentication servers that can be hosted on machines physically distinct from any other network services, such as file or print servers. The authentication servers possess secret keys for every user and server in the network. Kerberos is ideal for situations where centralized administration is desired. An authentication server can be maintained in one location serving many Kerberos users. As an aside, SSH can be configured to work with Kerberos authentication, thereby eliminating the SSH authentication configuration requirements.