Firewall Wizards mailing list archives
Re: Why VPNs aren't magic silver bullet solutions
From: Mikael Olsson <mikael.olsson () enternet se>
Date: Wed, 30 Aug 2000 11:19:08 +0200
marty wrote:
> Mikael Olsson wrote:
> > VPNs are _very_ useful, if used right. As I said, they're the equivalent of a heavily guarded point-to-point line.
>
> but, coming back to my point, where is the pros/cons that will help you decide between application level security and a VPN ?? (assuming two sites connected by pipes you have no control over)

Jeffrey Gieser listed a couple of very good pros for VPNs.

The deciding factor is, to me, the ability to filter what gets passed in the VPN. If you can terminate your VPN endpoint at a place where you can subsequently filter the plaintext traffic, you can easily establish a full VPN connection, but only allow (for instance) port 25 for inbound mail. This assumes that the filter can tell for sure that the traffic actually came from the VPN rather than from some other place (such as the Internet at large).

If you can do this, there's no reason to NOT choose a VPN.

The problem scenario I was describing was making use of a full unrestricted VPN, something that is usually bad for a number of reasons.

VPNs, modem pools and other types of private networks should all be regarded as a point of entry into the local network and accordingly have traffic filtering applied to them. These filters will likely not be the same as the filters applied to internet connectivity, they'll likely be less restrictive, but they should be filtered all the same.

The principle of "least privilege" is always a very sound one in the world of computer security.

Regards,
Mikael Olsson

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: mikael.olsson () enternet se

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
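The filtering arrangement described in the message above, sketched as an nftables ruleset. This is an added example, not part of the original post or of any product mentioned in it. All names and addresses are assumptions: `vpn0` is the interface where decrypted tunnel traffic appears, `lan0` is the internal network, 10.20.0.0/24 is the remote site and 192.168.10.25 is the internal mail server.

```nft
#!/usr/sbin/nft -f
# Added example: least-privilege filtering of plaintext traffic after the
# VPN has been terminated. Interface names and addresses are assumptions.

table inet vpn_least_privilege {

    chain prerouting {
        type filter hook prerouting priority raw; policy accept;

        # "Tell for sure that the traffic actually came from the VPN":
        # remote-site source addresses are only valid on the decrypted
        # tunnel interface. The same addresses arriving anywhere else
        # (for example on the Internet uplink) are dropped as spoofed.
        iifname != "vpn0" ip saddr 10.20.0.0/24 counter drop
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # The full unrestricted VPN the post warns about would be:
        #   iifname "vpn0" accept
        # Instead, allow only the one service the remote site needs.
        iifname "vpn0" oifname "lan0" ip saddr 10.20.0.0/24 ip daddr 192.168.10.25 tcp dport 25 ct state new accept

        # Everything else arriving through the tunnel is logged and dropped,
        # so unexpected use of the VPN shows up in the logs.
        iifname "vpn0" log prefix "vpn-deny: " counter drop
    }
}
```

The same pattern applies to the modem pools and other private links the message mentions: give each entry point its own interface match and its own, possibly less restrictive, allow list.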