Firewall Wizards mailing list archives
Link encryptors vs. IPSec
From: George Capehart <capegeo () opengroup org>
Date: Sat, 18 Aug 2001 00:27:55 -0400
Hello Wizards, I have a slightly off-topic question that mjr probably won't let through, but since I can't think of a more appropriate list, I'll ask it here. (Pointers to more appropriate lists/newsgroups would be appreciated). Since it is somewhat off-topic, I would be happy to accept private replies. If it is of interest, I will publish a summary of the responses I receive. Here goes: The requirement is to provide over-the-wire privacy between two organizations. There are two links between the organizations, a dedicated leased line as the primary link, an ISDN dialup line as the backup link. For various reasons out of my control, one of the organizations wants all of the traffic that flows through its border routers to be in the clear so that they can monitor it. The other organization does not want traffic between the organizations to be subject to eavesdropping. The two classes of options to solve the problem seem to be: - Use link encryptors (like Cylink) between the routers and the telecomm interfaces, or - Use IPSec on the public side of the routers. I am agnostic with respect to the solution. I have a personal bias, but it's based on the KISS principle and it seems to me that the link encryptor option is a little simpler than is using IPSec. At least that has been my (admittedly limited) experience. I do not want to start a flame war, but I would truly like to hear the opinions and experiences of others who have worked with one or both (preferably both) of the options. I need information that can help me weight the decision one way or the other. I know that the details are very scarce. This is because the solution to this problem will drive many other design assumptions and decisions. Thanks in advance. Best regards, George Capehart -- George W. Capehart Phone: +1 704.953.1209 Fax: +1 704.853.2624 SMS Messaging: http://www.mobile.att.net/mc/personal/pager_show.html or mailto: 7049531209 () mobile att net "Does getiud() halt the spawning of child processes?" _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Link encryptors vs. IPSec George Capehart (Aug 20)
- Re: Link encryptors vs. IPSec Rick Smith at Secure Computing (Aug 28)