Toe Dipping Into Turbulence

Stephen Chowning schowning at HOME.COM
Tue Feb 6 12:21:21 EST 2001


woody weaver wrote:

> On Monday, February 05, 2001 5:16 PM, Stephen Chowning wrote:
>
> > I am looking at VPN as a cost effective solution to my
> > problem. I have a VERY
> > small LAN (5 desktop computers) that I would like to securely
> > add another computer
> > to from a remote (30 miles) location. Ideally this would be a
> > reasonably secure
> > VPN solution that is software based that will run on Macs. I
> > have read several
> > FAQs, and now have several questions.
>
> Unfortunately, market forces imply that support for Mac products is less
> than for M$ products.
>
> This suggests stand alone appliances may be a better solution.

I will never implement M$ products or standards. I'll switch to Linux first.

>
>
> >
> > 1. The LAN and the remote location have the ability to access
> > the internet via
> > cable modem, although neither is currently set up to do so.
> > Could I implement a
> > software only solution such as McAfee's PGP Desktop Security
> > 6.5.8 for Mac w/RSA
> > and avoid what so far sounds like expensive hardware? If I
> > need hardware as well,
> > what is the cheapest solution that would provide reasonable
> > security (reasonable=
> > not PPTP or anything else that Billy G. and his minions have
> > their hands in).
>
> For the small LAN, an appliance is probably the right solution.  There are
> several SOHO products.  I like the Netscreen 5
> (http://www.netscreen.com/products/appliances.html#ns5) although WatchGuard,
> RedCreek, and others are reasonable.  For the stand alone, the personal
> firewall solution might be right.
>
> Another thing to look at is if the cable modem has (or could be exchanged
> for a device) that supports IPsec.

Does the average cable modem NOT support IPsec?

>
>
> > 2. How secure would PGP Desktop Security 6.5.8 for Mac w/RSA
> > be? I am afraid that
> > you all are going to tell me that it may be reasonably secure
> > for right now, but I
> > had better stay on my toes because things change by the minute.
>
> What does secure mean to you?

A while ago, a gentleman in Europe put a Mac server on the internet and offered
(I believe) $50K for someone to hack the system in any way other than denial of
service. In six months, no one was able to claim the prize. Does that mean that
it was impossible to do? I doubt it. Does it mean that it was secure? To me,
yes.

> What are you risking?  What are your assets?
> What is the value?  What are the threats? My guess would be that the
> security of your environment is not going to revolve around the products
> deployed but in the policies and procedures used to implement and operate
> the products.

At risk is the trust of our customers. We market strictly via internet, so it is
extremely valuable. The main assets are the customer credit card #s. If proper
implementation of a double key 128 bit system via IPsec protocols is reasonably
secure, then that is what I want. I would like to establish what to shoot for
first, then determine what equipment will be required to make it happen.

>
>
> My suggestion would be to use an IPsec based product (rather than PPTP) for
> its general applicability and robust encryption environment.  There are
> various knobs you can turn to drop encryption standards in place.  So your
> PGP Desktop Security product, with its built in personal firewall, IDS, and
> IPsec based VPN would be a sound choice.
>
> >
> > Sincerely,
> > Steve Chowning
> >
> > VPN is sponsored by SecurityFocus.COM
>
> --woody
