VPN Question

Jay Wack jayw at tecsec.com
Mon Jun 21 15:10:38 EDT 1999 

We have been working with the DOD for the past 8 years....it has been our
experience that most of the efforts to date work well within a given
enclave.  The problems start when, in the effort to scale, more and diverse
connections are made....so far, no one has managed to get a significant,
complex network up and working using the VPN approach....

What has worked is the encryption of information at the object level, using
role-based access control attributes, embedded in the object, and
adjudicated at the client.   What you get is control of who talks to whom,
about what information, on what device.

Good luck with your efforts.

Jay Wack
TECSEC


> -----Original Message-----
> From:	Steve Brown [SMTP:sbrown at cw.net]
> Sent:	Monday, June 21, 1999 9:34 AM
> To:	Vpn
> Subject:	VPN Question
> 
> 
>  Hello -
> 
>     I was wondering if anyone had any thoughts on
>   VPNs Security & Performance.
> 
>     Usually when talking to my customers, I find that QoS
>   and Security are on two opposite side's of the fence. Vendors sell
>   QoS one way, and unfortunately customers always seem to understand
>   QoS another way (similiar to bandwidth application management).
> 
>     A lot of my projects have included intrusion detection, filtering,
>   logging and content vectoring protocol which impact's QoS (the QoS that
>   that the customer hears, or at least wants to hear),,so I was
>   wondering can VPNs really scale when we keep implying security to the
>   communications stream.
> 
>     I've already come across delays, time-outs, etc when adding additional
>   security features. I think that depending on the topology and
> architecture
>   in place at a customers network, we can improve the relationship between
>   QoS and Security, and hopefully VPNs will scale,,
> 
> 
> Steven A. Brown
> VPN/Firewall & Internet Security Engineer
> Cable&Wireless, 6400 Weston Pkwy, 3rd. FL
> Research Triangle Park, NC, 27513
> Author:Implementing Virtual Private Networks, McGraw-Hill
> CoAuthor:CheckPoint Firewall-1, McGraw-Hill
> sbrown at cw.net
> 
> ****************************************************************
> TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com
> 
> The VPN FAQ (under construction) is available at
> http://kubarb.phsx.ukans.edu/~tbird/FAQ.html
> 
> We are currently experiencing "unsubscribe" difficulties.  If you
> wish to unsubscribe, please send a message containing the single line
> "unsubscribe vpn your-e-mail-address" to
> owner-vpn at listserv.secnetgroup.com
> 
> ****************************************************************

****************************************************************
TO POST A MESSAGE on this list, send it to vpn at listserv.secnetgroup.com

The VPN FAQ (under construction) is available at
http://kubarb.phsx.ukans.edu/~tbird/FAQ.html

We are currently experiencing "unsubscribe" difficulties.  If you
wish to unsubscribe, please send a message containing the single line
"unsubscribe vpn your-e-mail-address" to owner-vpn at listserv.secnetgroup.com

****************************************************************

More information about the VPN mailing list