Firewall Wizards mailing list archives

RE: Looking for a PVN-only server to put behind the firewall


From: sean.kelly () lanston com
Date: Thu, 7 Oct 1999 16:04:34 -0400

NT Server includes a VPN solution, though hackers are quick to point out
that it does have some security problems.

Hacker?
You mean Bruce Schneier, who runs Counterpane
(http://www.counterpane.com/whycrypto.html) and the developer of TwoFish,
one of the proposed AES?  Who wrote the definitive text "Applied
Cryptography" and makes a good living showing up the shortcomings of
various wannabe security products?  Who probably knows more about crypto
than the sum of up to the 98 percentile of the members of this list?
Is this damning him with faint praise or what?

Bruce may have been the driving force between the testing of MS' VPN
security, but the knowledge is hardly limited to him.  After all, the
results have been published and read by > 0 people.  My comment wasn't meant
to be regarding any specific individual so much as the community at large.
I intend (and use) "hacker" in its original sense, rather than with the
script-kiddy connotation it has now.  Personally, I consider it to be a
somewhat respectful term, and to hardly be limited to
someone-who-breaks-into-computer-systems.

As for crypto -- this is a firewall list, not a crypto list.  I didn't get
any more in-depth for that reason.  If anyone is interested, they can read
the full review on counterpane.  

Besides, the cryptographic integrity of the software wasn't the crux of the
issue.  The original question was regarding possible VPN solutions -- MS'
implementation being just one possibility.  I mentioned that it was known to
have potential security risks as a qualification to my recommendation, and
never in any way meant to make any comment on anyone.  If I was
misunderstood, I apologize.

Though I failed to mention it, PGPnet may be another possible solution.  It
uses IPsec and I consider it much more secure than MS' VPN... but it's not
free (for commercial use) and not as easy to use.


Sean


