Firewall Wizards mailing list archives
Re: Opinions on VPN?
From: Rick Smith <rick_smith () securecomputing com>
Date: Mon, 19 Apr 1999 13:04:32 -0500
At 06:26 PM 4/17/99 -0700, Jan B. Koum wrote:
Just wanted to find out what other people opinion on 'VPN' as a general idea? IMHO, the person who came up with the VPN idea should be shot, because in most cased all VPN do is create entry points into your network (in most cased right past the firewall and some times in the hear of your network).
If the VPN is replacing a WAN constructed of private circuits, then I agree with Ryan Russell that the security difference is a wash. It doesn't make things worse and it almost certainly reduces costs. The key problem is that a new VPN increases the size of the user community witin the security perimeter, and that increases the risk of an insider attack (which is never zero, by the way). I like the notion of putting firewall protections between sites, even within a VPN, but that can take some inspired system administration so it doesn't interfere with ongoing work. Arguably, if the site already has its payroll, accounts receivable, operations, and engineering groups on the same undifferentiated network, then it's already got lots of risks, VPNs notwithstanding. Many companies lock up the payroll department, workstations and all, after working hours. They need to do the same with its LAN/backbone connection. A few do.
Am I alone in the opinion that VPN mostly suck or is it just because I tend to run into a lot of misconfigured cisco routers which do encrypt data, but also route packets from others into your net :(
In other words, they do crypto between VPN peer sites and also allow plaintext exchange with non-VPN sites, like for Web surfing and e-mail traffic. Most sites need vanilla Internet access these days, so I assume you're not complaining about that. So perhaps the problem is that they need more firewalling than the Cisco provides. Rick. smith () securecomputing com
Current thread:
- Opinions on VPN? Jan B. Koum (Apr 18)
- Re: Opinions on VPN? Frederick M Avolio (Apr 19)
- Re: Opinions on VPN? Andreas Gunnarsson (Apr 19)
- Re: Opinions on VPN? Jonathan Poole (Apr 20)
- Re: Opinions on VPN? Rick Smith (Apr 20)
- Message not available
- Re: Opinions on VPN? dreamwvr (Apr 20)
- <Possible follow-ups>
- Re: Opinions on VPN? Ryan Russell (Apr 19)
- Re: Opinions on VPN? Paul M. Cardon (Apr 20)
- RE: Opinions on VPN? Kyle Starkey (Apr 20)
- RE: Opinions on VPN? Litney, Tom (Apr 20)
- Re: Opinions on VPN? Philip S Holt, Security Engineer / Network Engineer (Apr 21)
- RE: Opinions on VPN? John McDonald (Apr 20)
- RE: Opinions on VPN? dreamwvr (Apr 21)
- RE: Opinions on VPN? Andreas Gunnarsson (Apr 22)
- RE: Opinions on VPN? dreamwvr (Apr 21)
- RE: Opinions on VPN? Dendeni, Iyes (Apr 21)