Re: CISCO Vpn

[Ron DuFresne <dufresne () winternet com>]

On Wed, 23 Jun 2004, Harlan Carvey wrote:

> Ron,
>
> > It's estimated
> > that at least 75% of vpn's in place for this kind of
> > use are nothing more then that.
>
> I'd like to take a closer look at this...when you say
> "estimated", by whom?  What's your source?  I'm not
> disagreeing, as I agree with your post...I'm just
> looking to dig a little deeper into this.

Harlan,

> From a poll I conducted a number of months back in preperation for a paper
on the topic I have not had time to write up as of yet.  I polled the
firewall wizards group and took time to tap additional resources that semi
monitor that list such as the VPN queen Tina Bird and a number of others
on and off that and various other lists.  I mentioned here the smallet
figure that others suggested might be more accurate, some folks suggested
that as many or as high a figure as 90% or more might be tunnels that
can't define a policy that complies with the corpoate end and thus mostly
a potential for encrypted traffic of latest worm/trojan/sploit code <vpn
madness>.

What is surprising is how few vendors have any kind of checks in their vpn
SW that tries to verify the policy and compliance from the client end.
Tina pointed out her research a few years dated from mine suggested at
that time that perhaps two or three vendors took any real steps in this
regard.  The responces of others to my small poll suggest these numbers
have not changed too dramatically up to this time.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html