VPN Endpoint security

Jon Carnes jonc at HAHT.COM
Wed Mar 28 09:36:37 EST 2001 

Remember that standards are not based on what works "the best".  Standards
are based on what is the most prevalent and cheapest.

Our particular user VPN's have been up for almost 3 years now.  Yes, the
security is minimal - yet it is enough.  If you care to invent a
time-machine, I will gladly go back 4 years and deploy current IPSec
technology instead of PPTP.

You'll be even more shocked to know that we use IPTunneling via SecureShell
to connect or corporate sites world-wide.  We've been doing that for about 4
years.  It works extremely well for us.  Before that, we didn't even use
SecureShell, we used IPX and tunneled it unencrypted across the internet
(slightly more secure than tunneling straight IP).

Will we use IPSec.  You bet.  When the need arises.  For now, I still view
it as a work in progress.

Jon Carnes

----- Original Message -----
From: "Christopher Gripp" <cgripp at axcelerant.com>
To: "Jon Carnes" <jonc at haht.com>; <VPN at SECURITYFOCUS.COM>
Sent: Tuesday, March 27, 2001 11:35 PM
Subject: RE: Re: VPN Endpoint security


> Am I understanding right?  Why would any one deploy PPTP as opposed to
> IPSec nowadays?  I understand it is free with MS but their
> implementation is severely flawed or has this been fixed in W2K or SP's
> for other OS's?  Not that I am aware of.
>
> Read this FAQ if your considering MS PPTP.
> http://www.counterpane.com/pptp-faq.html
>
>
>
> Chris Gripp
> Systems Engineer
> Axcelerant
>
> -----Original Message-----
> From: Jon Carnes
> Sent: Mon 3/26/2001 2:17 PM
> To: VPN at SECURITYFOCUS.COM
> Cc:
> Subject: Re: VPN Endpoint security
>
>
>
> LinkSys routers - the cost is more than Zone Alarm but the units
> are
> literally plug and go.  They provide great protection behind a
> NAT firewall
> and they pass PPTP with no problems.  The folks at home can even
> hang their
> routers off of them and have all their computers on the network
> at the same
> time.
>
> We thought about charging a small fee for the units, but the
> fact is we need
> folks to use something at home when they are connecting via VPN
> and we don't
> want anything putting them off.  The value add to security is
> great. The
> value add to moral is also good.
>
> We tested using Zone Alarm and using Black Ice.  Of the two,
> Zone Alarm was
> simpler for our users.  The setup for using VPN with either
> program was as a
> bit mystifying to our end-users and they had a bit of difficulty
> even with
> our printed instructions (which were very well written - Thank
> you very
> much.).  Also on the negative side, both programs had bugs
> discovered in
> them while we were in our testing phase and we had to talk our
> test subjects
> through up-grading the software.
>
> In the end, we decided that the investment in the LinkSys
> devices was the
> best route.  The value add to the end-user and the ease of
> installation
> over-came the inertia of even our most reluctant employees.
>
> Jon Carnes
> ----- Original Message -----
> From: "Byron Kennedy" <byron at MARKETTOOLS.COM>
> To: <VPN at SECURITYFOCUS.COM>
> Sent: Monday, March 26, 2001 3:25 PM
> Subject: VPN Endpoint security
>
>
> > Just curious what others are doing out there to secure
> corporate IPSec VPN
> > endpints (dial-up, broadband, etc)?  Looking for an easy to
> administer
> > solution for wintel clients using primarily win2000 and nt4.0?
> Concerns
> are
> > policy administration and ease of use.  What about ZoneAlarm
> Pro? other?
> >
> > Thx!Byron
> >
> > Byron Kennedy
> > Markettools, Inc.
> > *******************************************
> > www.markettools.com
> > www.ztelligence.com
> > www.zoomerang.com
> > MarketTools is the premier applications services provider of
> Web-based
> > corporate solutions including market research and feedback
> services. The
> > company helps businesses of all sizes gather the critical
> information they
> > need to make key business decisions. MarketTools' research and
> feedback
> > applications are the first phase of its global relationship
> intelligence
> > network that will link companies with their customers,
> employees, vendors
> > and shareholders. MarketTools is a privately held company
> headquartered in
> > Mill Valley, CA.
> >
> > VPN is sponsored by SecurityFocus.COM
>
> VPN is sponsored by SecurityFocus.COM
>
>
>

VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list