Open source IPSec can seem like a great idea when considering security options for networked devices. Open source IPSec alternatives are widely used, readily available, and best of all, they’re free!
But are they, really?
Mocana NanoSec is specifically developed for embedded devices. At first glance, choosing between “free” and “something I have to pay for” can seem like an easy choice, but in reality, “free” can wind up costing you much, much more in the long run.
Some challenges of using open source IPSec in non-PC environments include:
Portability—Open source IPSec was designed for desktop systems, and it was never designed to be “slim”. Open source IPSec contains redundant code, resulting in a product often too bulky for memory-constrained devices. Adapting the code to networked device platforms can take days, or even weeks.
Maintenance—With any new release, open source IPSec needs to be re-ported, retested, and reoptimized, requiring further costly development time.
Security—An engineer without extensive crypto experience can inadvertently create new holes and vulnerabilities in the application they are attempting to secure. Additionally, open source IPSec has a history of security implementation flaws, some of which go many months before being fixed.
Quality—Open source code quality varies from project to project, and none of the projects integrate best-practices QA procedures. It’s strictly “use at your own risk”. That means when you’re integrating open source code into your commercial product, you don’t only have to test and debug your own code, you have to test and debug theirs as well.
Support—As a voluntary project, open source IPSec relies on mailing lists to take the place of professional documentation and support. When something goes wrong, there’s no one to call. You post a question in a forum, and then hope someone posts an answer.
In comparison, NanoSec addresses these issues in a fast, lightweight package that is high on performance and incredibly easy to install.
NanoSec was specifically designed and optimized for memory-constrained devices; it has a considerably smaller footprint, and doesn’t require extensive adaptation to a non-PC environment.
NanoSec’s API-based foundation is backwards compatible, and requires no time-consuming, repeated integration.
NanoSec's accelerated IPSec throughput typically performs 4x better than open source IPSec.
NanoSec is available off the shelf for dozens of operating systems, and with our clear documentation, NanoSec can be ported to new OSes in under two hours. NanoSec’s optimized IPSec can even run without an RTOS.
Mocana's developer support team is available 24/7/365 to answer any questions regarding IPSec encryption, general device security design, or any product within the Mocana device security framework.
All of Mocana’s security products are continually monitored by our engineers – in the event that an issue arises that affects integrity, Mocana notifies customers, releases a patch, and will even send an entire new library, if needed – typically within hours.
When time, effort, and ongoing maintenance are factored in, NanoSec has a demonstrably lower total cost of ownership than open source IPSec. It’s also much faster, much smaller, and much easier to deal with overall.