Firewall Wizards mailing list archives

Re: Why VPNs aren't magic silver bullet solutions


From: Jeffery.Gieser () minnesotamutual com
Date: Tue, 29 Aug 2000 16:44:32 -0500


Marty,

#If I have sensitive data traversing data links I have no control over, why
#not extrapolate what you pointed out and implement encryption at each
#application level where it is required rather than everything traveling
#between the two points... ?? Is there a performance difference ??

#Where is the advantage in wholesale encryption between two points as
#opposed to application selective encryption ??

#Ok, so I can think of one already:  ;)

#- Client/server applications which are closed source with no inbuilt
#means of encrypting connections.

#What are some others ?

I can think of four other reasons.

1.  A VPN encrypts everything between two end points.  I do not have to
maintain/troubleshoot 40 different encryption techniques and keys for the
40 different applications that I want encrypted data for between two end
points.  I just need to maintain one VPN solution and one set of keys.

2.  Having been a Signals Intelligence Analyst in a former life I know I
can prevent more types of traffic analysis by having a VPN that encrypts
everything between two end points rather than encrypting at the application
layer.

3.  I only have to worry about the implementation bugs in the VPN solution
rather than worrying about the implementation bugs in the 40 add-on
application layer encryption modules for the 40 applications.

4.  Hopefully, a company who sells a security product like a VPN is better
at the whole encryption thing than a company whose real job is to build
remote control software or some other application.

Regards,
Jeffery Gieser


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

