Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VPNmadness gets more support;

From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 11 Feb 2005 19:07:45 -0500 (EST)
On Tue, 8 Feb 2005, Dave Piscitello wrote:


And the alternative is, "send everything in clear text?", or the ever-
popular, "don't connect!" Pure drivel.


"Don't connect" isn't pure drivel, it's the first consideration you should
make.  There is no reason that many operational infrastructure networks,
like parts of the power grid need to be susceptible to worm traffic when
they're mostly composed of production embedded systems.



It seems that all this report confirms is that, given choices for
identity and authentication, people will always choose poorly.

The reason VPNs come under fire is that they've been overhyped and as
a result, what the technologies actually do accomplish is undermined
by the unrealistic expectations any "panacea" accrues.



Along with blanket deployments where VPN access == full network access.

Client to network VPNs should almost always limit access. </blanket
statement>

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: