Security Basics mailing list archives

RE: VPN vs changing routes

From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 10 Jun 2003 13:15:08 -0700

  IF they're only one hop away from the corporate network, then
all the VPN buys you is confidentiality from snoopers on that
segment (which, in some applications, could be important).

David Gillett

-----Original Message-----
From: Keenan Smith [mailto:kc_smith () clark net]
Sent: June 10, 2003 11:44
To: security-basics () securityfocus com
Subject: VPN vs changing routes

All,

Given a single user in a single location with a static IP, besides
encryption, what would be the difference between using a VPN 
to connect to
the corporate network vs. changing the routing to make the 
corporate network
the first hop?

It seems to me that the latter combined with a firewall rule 
and NAT would
function the same way as a VPN without the overhead.

So other than encapsulating all data between the network and 
the VPN client,
is there any advantage to using the VPN over a change in routing?

Thanks in advance for all the good advice.

KC Smith

~~~Ensuring that suave and debonair sophistication is always 
a part of IT

--------------------------------------------------------------
-------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by 
top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure 
remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
--------------------------------------------------------------
--------------


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

RE: Firewall and DMZ topology, (continued)
- - RE: Firewall and DMZ topology ed (Jun 10)
    - Re: Firewall and DMZ topology Erik Vincent (Jun 10)
    - Re: Firewall and DMZ topology Daniel B. Cid (Jun 10)
- Re: Firewall and DMZ topology Chris Berry (Jun 10)
  - RE: Firewall and DMZ topology David Gillett (Jun 10)
  - Re: Firewall and DMZ topology Erik Vincent (Jun 10)
    - Re: Firewall and DMZ topology Zach Crowell (Jun 10)
    - Re: Firewall and DMZ topology Erik Vincent (Jun 10)
    - VPN vs changing routes Keenan Smith (Jun 10)
    - Re: VPN vs changing routes chort (Jun 10)
    - RE: VPN vs changing routes David Gillett (Jun 10)
    - Re: [security] VPN vs changing routes Martin (Jun 11)
    - Re: VPN vs changing routes Joerg Over Dexia (Jun 11)
    - Re: Firewall and DMZ topology Daniel B. Cid (Jun 10)
    - Re: Firewall and DMZ topology Steve Bremer (Jun 10)
  - Re: Firewall and DMZ topology Daniel B. Cid (Jun 10)
    - Message not available
    - Re: Firewall and DMZ topology Daniel B. Cid (Jun 10)
  - RE: Firewall and DMZ topology Des Ward (Jun 10)
    - Re: Firewall and DMZ topology Aaron Fisher (Jun 11)
  - Re: Firewall and DMZ topology Christopher Ingram (Jun 10)
- RE: Firewall and DMZ topology Chris Berry (Jun 10)

(Thread continues...)