PaulDotCom mailing list archives
Re: SSL vs IPSec VPNs
From: Carlos Perez <carlos_perez () darkoperator com>
Date: Tue, 19 Oct 2010 21:36:37 -0400
SSL Strip does not work on a full SSL VPN, I have tried ;). I would say it depends on the traffic, the amount of traffic, and how time-sensitive that traffic is. SSL over UDP gives the best performance, but you have a big pain of certs and cert validation to minimize the attack surface. On IPSEC, depending on the implementation, you can get the most compatibility for different client types, but on high traffic with time-sensitive traffic you will get fragmentation and possible replay problems.

There are a lot more pros and cons, but after 5 days of hospital I'm bone tired from sleeping on a chair. When I get coffee in me in the morning I will try to expand on the points.

Cheers,
Carlos

On Oct 19, 2010, at 9:41 AM, Michael Douglas wrote:
Hey all,

I'm trying to determine what protocols should be permitted on a new VPN concentrator. I'd like to stick with IPSec, it's tried and true, and to quote Garth: "We fear change". However, it seems that all the vendors are going down the SSL route. Now I know SSL is 'safe', but it seems like it's more open to attacks like SSLStrip (thanks again Moxie for making us aware of the problems!)

I get that SSL is easier for administrators and end users alike, but is that convenience at too high a cost?

So what are your thoughts? Am I being too paranoid? If there are articles or places where I should RTFM, that's cool... I just need to know what FM to read!! Please send the links/info ;-)

Thanks for your input, and have a nice day!

- Mick

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com