ATM and VPN's
Bennett Todd
bet at RAHUL.NET
Tue Mar 28 20:54:47 EST 2000
2000-03-28-20:29:58 Kent Dallas:
> I have yet to hear the argument that encryption is inexpensive.
Ok, for completeness I'll offer that argument:-).
In settings where I care about security, and two nets with different
security policies connect to each other, I deploy a firewall.
To my tastes, the very best firewall is an Open Source Unix box
running a suitable mix of packet filtering, proxies, and
high-security daemons to address the security policy and
functionality needs of the setting.
As I'm deploying on commodity hardware, I enjoy the ongoing
exponential improvements in CPU performance, and the processing
requirements of a firewall rarely begin to use the resources
available on even modestly-priced boxes today.
Hence, in networks that I configure, VPN can be essentially free for
nearly all purposes. About the only time it would get expensive
would be if I felt a need to try and encrypt, with negligible
performance impact, a really huge pipe, say T3 or better. I'll admit
I do try and design around needing encrypted pipes that fat.
-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20000328/7108ad4e/attachment.pgp
More information about the VPN
mailing list