VPN costs savings

Stephen Hope shope at ENERGIS-EIS.CO.UK
Tue Jan 30 13:50:16 EST 2001


my 2nd 2p worth...

Surely the point here is that encryption and WAN technology are more or less
independant choices.

you can set up various VPN products to have NO encryption.

conversely you can add encryption to a private network using leased lines,
frame relay, ATM, ISDN etc either IPsec or external encryptors - this is
often used on banking networks in Europe.

The choice of encryption should be - do i have enough security by default in
the underlying transport, or do i need more? On the flip side, is it legal /
possible to deploy the encryption i want to use. And finally, how will i
debug the resulting complications?

1 final point - how can you prove the "security" of your encryption scheme?
If an implementation gives you single DES rather than tripple DES - how can
you tell? I still havent found a satisfactory answer to this, apart from
"trust the vendor, and see if you get hacked".

Stephen


Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189


> -----Original Message-----
> From: Sandy Harris [mailto:sandy at STORM.CA]
> Sent: 30 January 2001 02:42
> To: VPN at SECURITYFOCUS.COM
> Subject: Re: VPN costs savings
>
>
> Nick v d Walt wrote:
> >
> > Two Sides of the spectrum.
> >
> > Security - Less secure than a point to point Leased line
> system as you are
> > dealing in a public domain.
>
> How hard is tapping that leased line or subverting one of the
> switches? If
> it is easy, then a VPN, even over the insecure Internet,
> gives a huge security
> gain.
>
> > Triple DES is not allowed in all countries across the world
>
> There's some restriction on export, especially from the US,
> and there may be
> some countries I'm not up to date on, but I don't believe
> your statement.
> Can you give examples?
>
> A quick check at the standard reference on international crypto law:
>
> http://cwis.kub.nl/~FRW/PEOPLE/koops/lawsurvy.htm
>
> turned up very few such controls.
>
> Only China, Pakistan and the former USSR are shown on his maps:
>
> http://cwis.kub.nl/~FRW/PEOPLE/koops/cls-sum.htm
>
> as having tight domestic usage controls.
>
> > - resulting in using single des............drop in security.
>
> Single DES is insecure:
> http://www.freeswan.org/freeswan_trees/freeswan-1.8/doc/politi
cs.html#desnotsecure

> It all depends on how you look at it. I am an IT Manager for the Eastern
> Hemisphere of an international organisation, and yes the reduction of
> quarterly payments was the deciding factor. But then again i am only
saving
> about $5k per quarter at some locations.
>
> Playing Devils Advocate a bit.
>
> Either way, VPN is a winner.
>
Yes.

VPN is sponsored by SecurityFocus.COM

-----------------------------------------------------------------------------------------------------------

This email is confidential and intended solely for the use of the individual to
whom it is addressed. Any views or opinions presented are solely those of the
author and do not necessarily represent those of Energis Integration Services.
If you are not the intended recipient, be advised that you have received this
email in error and that any use, dissemination, forwarding, printing, or copying
of this email is strictly prohibited.

We have an anti-virus system installed on all our PC's and therefore any files
leaving us via e-mail will have been checked for known viruses.
Energis Integration Services accepts no responsibility once an e-mail
and any attachments leave us.

If you have received this email in error please notify Energis Integration Services Communications
IT department on +44 (0) 1494 476222..
-----------------------------------------------------------------------------------------------------------

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list