Security Basics mailing list archives
Re: VPN vs changing routes
From: Joerg Over Dexia <over () dexia de>
Date: Wed, 11 Jun 2003 12:35:52 +0200
Am 14:44 10.06.2003 -0400 teilte Keenan Smith mir folgendes mit: ->All, -> ->Given a single user in a single location with a static IP, besides ->encryption, what would be the difference between using a VPN to connect to ->the corporate network vs. changing the routing to make the corporate network ->the first hop? -> ->It seems to me that the latter combined with a firewall rule and NAT would ->function the same way as a VPN without the overhead. -> ->So other than encapsulating all data between the network and the VPN client, ->is there any advantage to using the VPN over a change in routing? Besides encryption I'd also mention that some VPNs support stronger authentication methods, including server authentication towards the client. That way ip-spoofing wasn't sufficient to either fake the server or the client. Also VPNs should spoil session hijacking. Some do support compression, might be an issue. Generally, I'd say the advantage of VPN over routing is enormous if the net between is insecure, and at best marginal if it is secure. hth, jo --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Re: Firewall and DMZ topology, (continued)
- Re: Firewall and DMZ topology Daniel B. Cid (Jun 10)
- Re: Firewall and DMZ topology Chris Berry (Jun 10)
- RE: Firewall and DMZ topology David Gillett (Jun 10)
- Re: Firewall and DMZ topology Erik Vincent (Jun 10)
- Re: Firewall and DMZ topology Zach Crowell (Jun 10)
- Re: Firewall and DMZ topology Erik Vincent (Jun 10)
- VPN vs changing routes Keenan Smith (Jun 10)
- Re: VPN vs changing routes chort (Jun 10)
- RE: VPN vs changing routes David Gillett (Jun 10)
- Re: [security] VPN vs changing routes Martin (Jun 11)
- Re: VPN vs changing routes Joerg Over Dexia (Jun 11)
- Re: Firewall and DMZ topology Daniel B. Cid (Jun 10)
- Re: Firewall and DMZ topology Steve Bremer (Jun 10)
- Re: Firewall and DMZ topology Daniel B. Cid (Jun 10)
- Message not available
- Re: Firewall and DMZ topology Daniel B. Cid (Jun 10)
- Re: Firewall and DMZ topology Aaron Fisher (Jun 11)