VPN management
Butters, Kevin
Kevin_Butters at NAI.COM
Thu Jan 13 10:07:20 EST 2000
I concur with Jeff. Management of 3000 different sites with Pre-Shared secret
passphrases is going to be quite a task.
In addition to Jeff's comments about PKI, a PKI infrastructure is designed
to be hierarchical. You can specify lifetimes for the certificates you issue
to facilitate special user needs - i.e. temps.
Additionally, from your central location you can segment your PKI environment
to have a PKI infrastructure that is based on geographical locations or
business units.
From an administrative point of view, PKI is a lot easier.
Cheers,
Kevin
-----Original Message-----
From: Carr, Jeff N. [mailto:jcarr at STATE.ND.US]
Sent: Thursday, January 13, 2000 5:48 AM
To: VPN at SECURITYFOCUS.COM
Subject: Re: VPN management
Why is there a need for a pre-shared text secret? You could use certificates
with a central PKI and the problem you are worried about simply does not
exist. Of course, one must maintain the PKI and the CRLs, but at least that
is centrally managed, and a lot less work.
Jeff
-----Original Message-----
From: guy.raymakers at EUROPE.EDS.COM [mailto:guy.raymakers at EUROPE.EDS.COM]
Sent: Thursday, January 13, 2000 3:30 AM
To: VPN at SECURITYFOCUS.COM
Subject: VPN management
We are investigating the management effort of a site to site VPN network
including about 3000 sites (connecting securely to one central point). Since
the IPsec function is implemented on routers, there's a need to use the
Pre-shared text secrets. We want to change that text-secret on a regular
basis; the question is now: are there some "smart" techniques to do this? I
cannot imagine doing this all one by one manually.
Thanks for your responses,
Guy
VPN is sponsored by SecurityFocus.COM