In making your security decisions, you might wonder whether to use IPSec or Kerberos for authentication and encryption. The main difference between them is that IPSec authenticates computer-to-computer communications and Kerberos authenticates user-to-service communications. IPSec doesn't control access to services running on a server; it controls whether a user can connect to the computer at the IP layer, not the application layer. Thus, Kerberos is the best choice for authenticating SQL Server users.
For encryption, IPSec is a better choice because the SQL Server 2000 client and server Net-Libraries don't offer a way to enable Kerberos encryption. IPSec can encrypt the entire network packet and protect it from tampering. IPSec also offers the option of requiring encryption for a successful connection. If securing data on the network is your most important priority, IPSec is the right choice because it defends against a wider range of attacks and both Windows and UNIX/Linux platforms support it.
