Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: GRE Tunnels without IPSEC risks.

From: "James Jelinek" <jjelinek () hcec com>
Date: Tue, 12 Jul 2011 11:41:34 -0500 (CDT)
GRE is an encapsulation protocol which allows you to connect two tunnels 
together among other things.  It really doesn't provide much in the way of 
security.  You would still need something like PPTP to secure your 
connection if you're sticking with GRE.

Is there a reason why you cannot use IPSEC tunnels to backhaul from the 
smaller offices?  IPSEC can typically be a bandwidth hog (depending on your 
traffic load and connection) but it might be a good alternative to GRE if 
you are able to setup the tunnels to the smaller offices.  If you can 
provide a diagram of your setup, that might be helpful.  I'm more of a 
visual guy myself.


James Jelinek

Harris County Emergency Corps.
Information Technology Manager
O: 281.977.3824
E-mail: jjelinek () hcec com




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On 
Behalf Of Maps1
Sent: Tuesday, July 12, 2011 4:10 AM
To: security-basics () securityfocus com
Subject: GRE Tunnels without IPSEC risks.

Hi List,

Our network guys have been implementing wireless access points in a remote 
office, which will then use a GRE VPN link back to our main office to 
connect to the wireless controller.

In other remote offices where we have full WAN links back to the main 
office, we have configured the APs to use IPSEC tunnels for this 
communication. Unfortunately, these don't seem to work through the VPN GRE 
tunnels used in the smaller offices.

Please could someone help me to understand the risks (if any) involved in 
setting the AP communication to not use IPSEC tunnels, but to rely on the 
encryption on the GRE VPN tunnel instead?

Thanks!

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL 
certificate.  We look at how SSL works, how it benefits your company and how 
your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web 
server. Throughout, best practices for set-up are highlighted to help you 
ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: