Firewall Wizards mailing list archives
Re: PPTP viability (was RE: Gauntlet & NTLM)
From: Jyri Kaljundi <jk () stallion ee>
Date: Wed, 15 Oct 1997 20:50:54 +0300 (EET DST)
On Wed, 15 Oct 1997, Craig Brozefsky wrote:
May I suggest you check out SafePassage Secure Tunnel from www.c2.net, the people who do Stronghold (SSLed Apache). It runs as a seperate process and is basically a port forwarder.
The problem with port forwarders like SSH and all the SSLeay based Windows clients (SSR, Safepassage and many others) is that they are really uncomfortable to use - you have to connect to something like localhost:8193 instead of easy to use www.company.com or telnetserver.company.com. The bigger problem is that they usually support only fixed TCP port applications - not UDP, not FTP, not SQL*Net v.2. These programs are meant to be only a temporary solution until something better comes available. Then of course all the US and Israel firewall vendors have nice transparent (although proprietary) solutions available, but none of them are available outside US (well there are 40-bit versions but nobody uses these anyway). I hope European vendors will have their transparent encryption VPN programs available at least at the beginning of next year. This is good for users, but bad for firewalls, since that day everyone will have full easy to use two-direction encryption available to go through the firewalls. It is not so bad for application layer firewalls (if they are correctly implemented, don't allow clear TCP communications through proxies and don't have any null tunnels implemented), but for stateful inspection firewalls it is something to think about. Jyri Kaljundi jk () stallion ee AS Stallion Ltd http://www.stallion.ee/
Current thread:
- RE: Gauntlet & NTLM, (continued)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 13)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)
- RE: Gauntlet & NTLM Aleph One (Oct 14)
- RE: Gauntlet & NTLM Marcus J. Ranum (Oct 14)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 14)
- RE: Gauntlet & NTLM Magossa'nyi A'rpa'd (Oct 15)
- PPTP viability (was RE: Gauntlet & NTLM) Philip Cox (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Adam Shostack (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Craig Brozefsky (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Jyri Kaljundi (Oct 17)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Kent Crispin (Oct 21)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 14)
- Re: Gauntlet & NTLM (PPTP weekness) Chris Boscolo (Oct 15)
- Re: Gauntlet & NTLM (PPTP weekness) Ge' Weijers (Oct 15)
- RE: Gauntlet & NTLM Aleph One (Oct 13)
- VPN services thru firewall was: Gauntlet & NTLM Craig Brozefsky (Oct 14)