Re: Question about L2F tunnels

[Bill Pennington <billp () rocketcash com>]

I would yes, absolutely yes. If you are doing financial transactions
then I would think you would want the highest level of protection
possible. I would guess the the tunnels security could be breached
several ways, an "inside" job as in someone at your ISPs NOC sniffing
your tunnel. Another possibility is some breaches your ISPs security and
sniffs the tunnel. In both cases if you are encrypted you are protected.

"Michele M. Jordan" wrote:
> Okay, I had a major provider who is doing Access VPNs tell a customer this:
>
>     It is their
>     statement that encryption is not necessary since it is not leaving the <provider's>
>     network.  The tunnel will provide the necessary security is their position.
>     I then asked her if security wasn't necessary, then why do we need the
>     tunnel?  She said to that: "well the tunnel provides the necessary security,
>     so encryption isn't necessary since it is going from router to router and
>     that's the only connection that is possible.
>
> This is financial data via a dial-up to a provider pop, provider
> forwards an L2F tunnel request to my customer, my customer
> accepts the tunnel request, authenticates via remote Radius, and then
> initiates the tunnel.  If we did do encryption, it would need to be from
> the provider pop to my customer's router.
>
> I think encryption is necessary, what do you think?
>
> -Michele

-- 


Bill Pennington
Senior IT Manager
Rocketcash
billp () rocketcash com
http://www.rocketcash.com