Re: Why VPNs aren't magic silver bullet solutions

[Mikael Olsson <mikael.olsson () enternet se>]

marty wrote:
> <snip a very imformative piece>
>
> So on that basis, what are VPNs good for?

VPNs are _very_ useful, if used right. As I said, they're
the equivalent of a heavily guarded point-to-point line.

Connecting security equivalent networks with VPNs is fine; that's 
what they were designed to do. For instance, connecting a branch
office, where you can guarantee local security, to the head office 
is one perfect VPN application.

The problem I was addressing is when VPNs are used to
connect networks that are NOT security equivalent on
the misled belief that they'll automagically guarantee
endpoint security. This is something that they can never do.

Anyone holding the equivalent of a piece of ethernet cable 
and looking at the DMZ switch and the internal network 
switch would realize that it's a Bad Idea(tm), one would 
think, but apparently, that's not always the case. 

That's why I wrote that piece, not to say that "VPNs
suck". They don't. :)

Regards,
Mikael Olsson

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: mikael.olsson () enternet se

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards