Firewall Wizards mailing list archives

Re: Why VPNs aren't magic silver bullet solutions


From: "Steve Goldhaber" <goldy () cisco com>
Date: Wed, 30 Aug 2000 11:49:28 -0700

Date sent:              Wed, 30 Aug 2000 10:59:32 +0200
From:                   "Volker Tanger" <Volker.Tanger () globalone net>
To:                     marty <marty () supine com>
Subject:                Re: [fw-wiz] Why VPNs aren't magic silver bullet solutions

Greetings!

marty wrote:

VPNs are _very_ useful, if used right. As I said, they're
the equivalent of a heavily guarded point-to-point line.

but, coming back to my point, where are the pros/cons that will help
you decide between application level security and a VPN?

Unencrypted VPNs only increase the number of networks which can be
connected via the same backbone. You can connect hundreds of 10.0.0.0/8
networks via the same (unencrypted) VPN-backbone cloud without
interferences (except performance).  Unencrypted VPN does NOT add any
security!

This is not always true. For instance, an IPsec-based VPN 
authenticates each packet traversing the VPN without encrypting. 
This keeps anyone from modifying packets or injecting new 
packets into the system. You can also apply filters at the 
endpoints. It provides security without secrecy.


Steve Goldhaber               Cisco Systems
goldy () cisco com               http://www.cisco.com
(303) 444-9532

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
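
Added example, not part of the original post: a simplified Python model of the "security without secrecy" point in the reply above, where each packet carries a keyed integrity tag but the payload stays in cleartext. It does not use the real IPsec AH wire format; the key, SPI value, tag length and the strictly increasing sequence check (real IPsec uses a sliding window) are assumptions for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # truncated HMAC-SHA256 tag length (assumption for this model)

def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: SPI + sequence number, cleartext payload, then the tag."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv

class Receiver:
    def __init__(self, key: bytes, spi: int):
        self.key, self.spi, self.last_seq = key, spi, 0

    def accept(self, packet: bytes):
        """Return the payload if the packet is authentic and fresh, else None."""
        if len(packet) < 8 + ICV_LEN:
            return None
        header, payload, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", header)
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
        if spi != self.spi or not hmac.compare_digest(icv, expected):
            return None  # modified in transit, or built without the shared key
        if seq <= self.last_seq:
            return None  # replay of an already accepted packet
        self.last_seq = seq
        return payload

def demo() -> dict:
    key = b"constructed-demo-key-0123456789ab"  # constructed sample key
    rx = Receiver(key, spi=0x1001)
    msg = b"route update: 10.1.0.0/16 via siteB"  # constructed sample payload
    pkt = protect(key, 0x1001, 1, msg)
    tampered = pkt[:8] + b"X" + pkt[9:]  # one payload byte changed in transit
    forged = protect(b"some-other-key", 0x1001, 2, b"injected")  # no shared key
    return {
        "cleartext_visible": msg in pkt,  # no secrecy: payload is readable
        "tampered_rejected": rx.accept(tampered) is None,
        "injected_rejected": rx.accept(forged) is None,
        "genuine_accepted": rx.accept(pkt) == msg,
        "replay_rejected": rx.accept(pkt) is None,
    }

if __name__ == "__main__":
    print(demo())
```
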

