PaulDotCom mailing list archives
Re: SSL vs IPSec VPNs
From: Chris Clymer <cclymer () gmail com>
Date: Mon, 25 Oct 2010 07:18:34 -0500
Seconded on OpenVPN for small deployments at least. Not sure the tools are there to really scale it to a large userbase, but i may be wrong. My experience was using it standalone or within PFsense On Oct 19, 2010, at 8:43 PM, Jack Daniel <jackadaniel () gmail com> wrote:
First you must define what kind of SSL VPN you are talking about, for example there's a huge difference between OpenVPN and the web re-writing portals. Things like SSL strip may or may not be a factor depending on the choice. I am a huge OpenVPN fanbois, and have been for years. Jack On 10/19/10, Michael Douglas <mick () pauldotcom com> wrote:Hey all, I'm trying to determine what protocols should be permitted on a new VPN concentrator. I'd like to stick with IPSec, it's tried and true, and to quote Garth: "We fear change". However, it seems that all the vendors are going down the SSL route. Now I know SSL is 'safe', but it seems like it's more open to attacks like SSLStrip (thanks again Moxie for making us aware of the problems!) I get that SSL is easier for administrators and end users alike, but is that convenience at too high a cost? So what are your thoughts? Am I being too paranoid? If there are articles or places where I should RTFM, that's cool... I just need to know what FM to read!! Please send the links/info ;-) Thanks for your input, and have a nice day! - Mick _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- Sent from my mobile device ______________________________________ Jack Daniel, Reluctant CISSP http://twitter.com/jack_daniel http://www.linkedin.com/in/jackadaniel http://blog.uncommonsensesecurity.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- SSL vs IPSec VPNs Michael Douglas (Oct 19)
- Re: SSL vs IPSec VPNs Carlos Perez (Oct 19)
- Re: SSL vs IPSec VPNs Butturini, Russell (Oct 20)
- Re: SSL vs IPSec VPNs Carlos Perez (Oct 20)
- Re: SSL vs IPSec VPNs Michael Miller (Oct 21)
- Re: SSL vs IPSec VPNs Butturini, Russell (Oct 20)
- Re: SSL vs IPSec VPNs Carlos Perez (Oct 19)
- Re: SSL vs IPSec VPNs Jack Daniel (Oct 20)
- Re: SSL vs IPSec VPNs Chris Clymer (Oct 25)
- Re: SSL vs IPSec VPNs Baggett, Mark (Oct 20)
- Re: SSL vs IPSec VPNs Carlos Perez (Oct 20)
- Re: SSL vs IPSec VPNs Michael Douglas (Oct 21)
- Re: SSL vs IPSec VPNs Baggett, Mark (Oct 22)
- Re: SSL vs IPSec VPNs Gregory Baker (Oct 26)
- <Possible follow-ups>
- Re: SSL vs IPSec VPNs Kerry (Oct 20)