how basic can i be???

Jon Carnes jonc at haht.com
Wed Jun 13 21:05:32 EDT 2001


A good point to stress at this time is that the list has an FAQ, which is
fairly good reading.

The key to getting an answer that has value to you is to give as much
detail as you can.  If you feed the list a general question, you'll get a
general answer.

A good starting point is to tell us what you're familiar with and as much
about the sites you want to connect together:
  1) How much data do you need to push across in a normal minute? hour? day?
       No one really knows the answer so just give it a shot based on the
typical applications that will be pushing data across the gap.

  2) What is your current level of expertise with VPNs? WANs? networks?
operating systems like Windows, Linux, BSD?
      The deal is that most folks want to bring up a VPN on a platform that
they are familiar with... or they should hire a consultant to do it for
them, or they should go with an out of box solution from a trusted vendor.

  3) What kind of connectivity do you have to the Internet (or is this going
to be totally private via ATM?) at each of your sites?  How many sites do
you need to link together?  Do you need redundant links, or is Star
configuration okay (everyone connects directly to a hub site, normally HQ)?

  4) So what is your budget and deadline?  How much time do you have to
devote to learning about VPNs?
      Whatever it is, it's never enough (money or time!).

  5) Are you dead set on doing it yourself?  Hiring a vendor?  Buying it off
the shelf?

  6) Is it only site to site VPN or is your concern mainly connections from
your mobile/home users and some small remote offices (or both, all three)?

  7) How secure does it *really* need to be?  Is security the end all and
major reason for the VPN, or is remote communication from a remote site the
major function?
     This really makes a difference in what you go with and how hard it is
to set up and maintain.

VPNs cover a lot of territory and there are many, many ways to implement
them.

My favorite site to site VPN is via Linux based firewalls connected together
using Secure Shell (or the new GRE links made possible by the 2.4 kernel).
My favorite user to site VPN is PPTP.  This is the generic VPN ushered in by
Microsoft 4 years ago.  Everybody's got it out of the box.  It works.

<The unofficial anti PPTP-rant> Now some folks will tell you that PPTP is
insecure.  Yes, everything my friend is insecure.  On the degree o meter of
security PPTP ranks low.  Still it's high enough that to break, someone has
to have either dedicated access from the sending network, or the home
network.  If they have dedicated access to your home net, you are *already*
screwed, no matter what you use for transit.  If they have gone to the
trouble to gain dedicated access to the sending network, and they have the
time to sit there and intercept and record your packets for a half a day,
then really there's not much in the way of encryption that is going to stop
that individual. </The unofficial anti PPTP-rant>

Take care and good luck - Jon Carnes

----- Original Message -----
From: "Ger Sheehan VPN" <gervpn at oceanfree.net>
To: <vpn at securityfocus.com>
Sent: Wednesday, June 13, 2001 10:37 AM
Subject: how basic can i be???


> hi
>
>
> i have just subscribed to this list as i will may have to start setting up
> some vpn's soon.
>
> my first question is how basic can the questions be???
>
> i am looking for some advice on setting up something very simple.
>
> i would appreciate it if some one would let me know if this might be the
> right place for such questions.
>
>
> regards
>
>
> Ger Sheehan
>
>
> VPN is sponsored by SecurityFocus.com

