VPN Endpoint security

Jon Carnes jonc at HAHT.COM
Wed Mar 28 11:00:44 EST 2001


Now you are talking sense.

Yes, there is a value-add to having the router, firewall, and vpn all rolled
into one hardware device that can be centrally managed.  At $400 it is too
expensive for use by our individual users, but well under what we would
spend to bring one of our satellite offices on-line.

This would be a good substitute for our current scheme of connecting
satellites via IPTunnel/SecureShell.  Indeed I looked at doing so just
recently and was very disappointed at the currently available technology and
cost.

I anticipate the technology maturing, and the price dropping dramatically
over the next two years.  So look for us to move to IPSec sometime within
that two year period.

Still our end users will be using PPTP from home.  At least for awhile.

Jon Carnes
----- Original Message -----
From: "Christopher Gripp" <cgripp at axcelerant.com>
To: "Jon Carnes" <jonc at haht.com>; <vpn at securityfocus.com>
Sent: Wednesday, March 28, 2001 10:34 AM
Subject: RE: Re: VPN Endpoint security


> We got off on the wrong foot there.  Hadn't had my coffee yet!
>
> Being in the business of providing IPSec managed VPNs I am just trying
> to find out why people would consider using other alternatives.
>
> You mention routers.  Behind the Linksys?  You have some serious power
> users if they have multiple subnets at home!  How many endusers are we
> talking?  The cost of adding a box that could do IPSec and a true
> firewall, not just NAT (the NATural firewall, what a marketing gimmick)
> at the box is only $400, a figure not significantly larger for MOST
> deployments.  The long term cost of managing the VPN is much more than
> the initial hardware installation.  And we find the cost of managing a
> software client on a PC is significantly more.  Additionally, having a
> device that does the VPN vs the PC gives a clear demarc to troublshoot
> from.  Instead of blurring the functionality in the PC where other
> problems could be the issue.
>
> Not to say your solution isn't appropriate for your needs.
>
> Any insight would be appreciated!
>
> Chris Gripp
>
> -----Original Message-----
> From: Jon Carnes
> Sent: Wed 3/28/2001 7:25 AM
> To: Christopher Gripp
> Cc:
> Subject: Re: Re: VPN Endpoint security
>
>
>
> My friend, I challenge you to break into my VPN stream and find
> any data
> (much less any data of value).  And I mean you, not some
> nebulous unnamed
> person on the net.  Can YOU break my VPN and get any data?
>
> When you can, then come back and tell me that the security is
> not enough.
>
> Jon Carnes

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list