Firewall Wizards mailing list archives

Link encryptors vs. IPSec


From: George Capehart <capegeo () opengroup org>
Date: Sat, 18 Aug 2001 00:27:55 -0400

Hello Wizards,

I have a slightly off-topic question that mjr probably won't let
through, but since I can't think of a more appropriate list, I'll ask it
here.  (Pointers to more appropriate lists/newsgroups would be
appreciated).  Since it is somewhat off-topic, I would be happy to
accept private replies.  If it is of interest, I will publish a summary
of the responses I receive.  Here goes:

The requirement is to provide over-the-wire privacy between two
organizations.  There are two links between the organizations, a
dedicated leased line as the primary link, an ISDN dialup line as the
backup link.  For various reasons out of my control, one of the
organizations wants all of the traffic that flows through its border
routers to be in the clear so that they can monitor it.  The other
organization does not want traffic between the organizations to be
subject to eavesdropping.  The two classes of options to solve the
problem seem to be:
 - Use link encryptors (like Cylink) between the routers and the
telecomm interfaces, or
 - Use IPSec on the public side of the routers.

I am agnostic with respect to the solution.  I have a personal bias, but
it's based on the KISS principle and it seems to me that the link
encryptor option is a little simpler than is using IPSec.  At least that
has been my (admittedly limited) experience.  I do not want to start a
flame war, but I would truly like to hear the opinions and experiences
of others who have worked with one or both (preferably both) of the
options.  I need information that can help me weight the decision one
way or the other.

I know that the details are very scarce.  This is because the solution
to this problem will drive many other design assumptions and decisions.

Thanks in advance.

Best regards,

George Capehart
--
George W. Capehart                               Phone:  +1 704.953.1209
                                                   Fax:  +1 704.853.2624

SMS Messaging:  http://www.mobile.att.net/mc/personal/pager_show.html
                or
                mailto:  7049531209 () mobile att net

"Does getiud() halt the spawning of child processes?"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

