Secure Communication Channels
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- The channel-selection model: layer, trust, residence
- Remote access architectures and the four access methods
- IPsec internals, voice/UC, and third-party links
- Exam-pattern recognition
Remote-access / site VPN channel technologies compared
| Property | IPsec VPN | TLS "SSL" VPN | SSH tunnel |
|---|---|---|---|
| Layer protected | Network layer (OSI 3) - all IP traffic | Above transport (session) - per application | Application/transport - per forwarded port/app |
| Typical use | Gateway-to-gateway and remote-access (host-to-gateway) | Clientless browser portal or thin tunnel client | Admin access and ad-hoc port forwarding |
| Client requirement | VPN client software or a network with a VPN gateway | Often just a web browser (portal) or lightweight plug-in | SSH client; user-driven, often not centrally managed |
| Scope of traffic | Protects many protocols at once, transparently | Best for a few specific applications | Tunnels specific protocols/ports a layer at a time |
| Authoritative NIST guide | SP 800-77 Rev. 1 | SP 800-113 | NIST IR 7966 / SP 800-46 |
| Common pitfall | Choosing AH (no confidentiality) when ESP is required | Treating a per-app control as a site-wide tunnel | Harder to configure/manage; ungoverned user tunnels |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.