IPSec vs. Kerberos

In making your security decisions, you might wonder whether to use IPSec or Kerberos for authentication and encryption. The main difference between them is that IPSec authenticates computer-to-computer communications and Kerberos authenticates user-to-service communications. IPSec doesn't control access to services running on a server; it controls whether a user can connect to the computer at the IP layer, not the application layer. Thus, Kerberos is the best choice for authenticating SQL Server users.

For encryption, IPSec is a better choice because the SQL Server 2000 client and server Net-Libraries don't offer a way to enable Kerberos encryption. IPSec can encrypt the entire network packet and protect it from tampering. IPSec also offers the option of requiring encryption for a successful connection. If securing data on the network is your most important priority, IPSec is the right choice because it defends against a wider range of attacks and both Windows and UNIX/Linux platforms support it.