Security Basics mailing list archives

Re: VPN vs changing routes


From: Joerg Over Dexia <over () dexia de>
Date: Wed, 11 Jun 2003 12:35:52 +0200

At 14:44 10.06.2003 -0400, Keenan Smith wrote to me:
->All,
->
->Given a single user in a single location with a static IP, besides
->encryption, what would be the difference between using a VPN to connect to
->the corporate network vs. changing the routing to make the corporate network
->the first hop?
->
->It seems to me that the latter combined with a firewall rule and NAT would
->function the same way as a VPN without the overhead.
->
->So other than encapsulating all data between the network and the VPN client,
->is there any advantage to using the VPN over a change in routing?

Besides encryption, I'd also mention that some VPNs support
stronger authentication methods, including server authentication
towards the client. That way IP spoofing wouldn't be sufficient to
fake either the server or the client. Also, VPNs should spoil
session hijacking. Some do support compression, which might be an
issue.
Generally, I'd say the advantage of VPN over routing is enormous
if the net between is insecure, and at best marginal if it is
secure.

hth, jo
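
Added example, not part of the original message: a small Python model of the difference described above between a gateway that admits traffic by source address (route plus firewall rule) and one that requires each packet to carry a keyed tag and a fresh sequence number, as an authenticating VPN does. The address, the pre-shared key, the packet layout and all function names are constructed for illustration; a real VPN negotiates keys and uses a sliding replay window rather than a strictly increasing counter.

```python
import hashlib, hmac, os, struct

ALLOWED_SRC = "203.0.113.10"   # constructed: the user's static IP
KEY = os.urandom(32)           # constructed: key agreed at tunnel setup

def accept_by_route(src_ip):
    """Route + firewall rule: the claimed source address is the only check."""
    return src_ip == ALLOWED_SRC

def seal(key, seq, payload):
    """Sender: sequence number + payload, followed by an HMAC over both."""
    body = struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class TunnelReceiver:
    """Receiver: verify the tag, then require an increasing sequence number."""
    def __init__(self, key):
        self.key, self.last_seq = key, -1

    def accept(self, packet):
        if len(packet) < 8 + 32:
            return False
        body, tag = packet[:-32], packet[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False            # sender does not hold the key, or data was altered
        seq = struct.unpack("!Q", body[:8])[0]
        if seq <= self.last_seq:
            return False            # replayed or stale packet
        self.last_seq = seq
        return True

def demo():
    rx = TunnelReceiver(KEY)
    genuine = seal(KEY, 0, b"GET /payroll")
    forged = seal(os.urandom(32), 1, b"GET /payroll")    # spoofed host, no key
    tampered = bytearray(seal(KEY, 1, b"GET /payroll"))
    tampered[10] ^= 0x01                                  # one bit changed in transit
    return {
        "route_spoofed": accept_by_route(ALLOWED_SRC),    # indistinguishable from genuine
        "tunnel_genuine": rx.accept(genuine),
        "tunnel_forged": rx.accept(forged),
        "tunnel_replayed": rx.accept(genuine),
        "tunnel_tampered": rx.accept(bytes(tampered)),
    }

if __name__ == "__main__":
    print(demo())
```

The address-only check cannot tell the genuine host from anyone presenting the same source IP, while the keyed receiver rejects the forged, replayed and altered packets.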
