VPN Endpoint security

Christopher Gripp cgripp at AXCELERANT.COM
Wed Mar 28 20:19:45 EST 2001 

We are pushing our vendors everyday for more functionality at a lower
cost.  A sub $300 CPE would increase our ability to sell a hrdware
device tremendously.  I would bet by Q2'02 we see that.  We are also
working closely to develop DSL integration.  Therefore you only need 1
device.
 
Chris
 
 

-----Original Message-----
From: Senkbeil, Michael [mailto:msenkbeil at C-GCONSULTING.COM]
Sent: Wednesday, March 28, 2001 1:48 PM
To: VPN at SECURITYFOCUS.COM
Subject: Re: VPN Endpoint security



Sorry Jon -  It was a joke (not very well presented, I'm afraid... tech
humor)   I'll be more professional from now on.. thanks for your reply. 

I don't understand why no one in the industry has yet to create a
gateway with integrated VPN capabilities as it seems there's a large
market for it.  My clients (<5 remote sites typically) and I in my own
office have budgets under $10K for these VPN projects, not big bucks by
any means as far as VPN implementations go. 

Regarding cost of support for a gateway vs. a PC client, I guess it
depends how much real cost you attribute to tech support time... In my
office, it not only costs me time to fix the problem, but that time
can't be spent on implementation of new stuff in my office or being
billable to clients.  Just a couple of hours spent horsing around on a
PC VPN client would easily blow away the whole cost of a VPN gateway if
one existed in the sub-$400 range.  (Though I think my $400 example with
the 3Com is not quite right after adding the VPN client software... more
like $500) 

Anyway, the whole world is going VPN, since it's the obvious way to
implement WANs, so it's just a matter of time till a VPN gateway for
home office is in the $250 range.   I think everyone would jump at that
opportunity. 

Michael L. Senkbeil, CNE, MCSE
C&G Consulting
http://www.c-gconsulting.com
Work: (262) 522-8248   Fax: (262) 522-8228 



	"Jon Carnes" <jonc at haht.com> 


03/28/2001 03:20 PM 
Please respond to "Jon Carnes" 


        
        To:        <msenkbeil at c-gconsulting.com> 
        cc:        <VPN at SECURITYFOCUS.COM> 
        Subject:        Re: VPN Endpoint security



Maybe you meant to send this to Christopher Gripp... 
  
----- Original Message ----- 
From:  <mailto:msenkbeil at c-gconsulting.com> msenkbeil at c-gconsulting.com 
To:  <mailto:jonc at haht.com> jonc at haht.com 
Sent: Wednesday, March 28, 2001 3:43 PM 
Subject: Re: VPN Endpoint security 


Wow, that Jon Carnes is quite an ornery guy.  Sounds like the typical
cheap IT manager I run into in the business. 
I really don't think of myself as typical, but perhaps I am.  I know
that the folks in my company really appreciate my good business sense as
well as my technical savvy.  In truth, I do not waste my company's money
or resources (feel free to call that being cheap).  I do deliver
targeted solutions to specific problems.  Part of those solutions is
longevity. 
  
I already have several VPN solutions in place that work for my company.
These legacy systems work superbly and cost much less than any solution
I have seen either of you mention.  The value-add of IPSec devices grows
daily, and the prices drop.  I am patient.   

I too am looking for the ultimate home gateway that can do basic, true
firewalling and act as an IPSec client itself, allowing routing for home
devices like PCs and IP phones.  $400 is about the best I can find.
I've seen the 3Com OfficeConnect Firewall 25 plus a 10 user VPN client
do the job.  Have you seen other devices? 

I agree that the $400 up front is far cheaper than using a PC client,
not to mention it won't even allow flexibility of other IP devices like
the IP phone to participate in the VPN connection. 
I disagree with you here, but then I have actually done the tests.  I
would rather spend $100 on a LinkSys Router and gain the same benefit
for my employees.  The reason I'm willing to pay more for the LinkSys
(over say Zone Alarm) is that I like the value-add of seperating the
security/firewall from the users box, and I especially like the easy
configuration and low maintence. 
  
Please don't forward this to the list or to Jon.  Thanks. 

Michael L. Senkbeil, CNE, MCSE
C&G Consulting
http://www.c-gconsulting.com
Work: (262) 522-8248   Fax: (262) 522-8228 
----- Forwarded by Michael Senkbeil/c-g on 03/28/2001 02:39 PM ----- 

Now you are talking sense.

Yes, there is a value-add to having the router, firewall, and vpn all
rolled
into one hardware device that can be centrally managed.  At $400 it is
too
expensive for use by our individual users, but well under what we would
spend to bring one of our satellite offices on-line.

This would be a good substitute for our current scheme of connecting
satellites via IPTunnel/SecureShell.  Indeed I looked at doing so just
recently and was very disappointed at the currently available technology
and
cost.

I anticipate the technology maturing, and the price dropping
dramatically
over the next two years.  So look for us to move to IPSec sometime
within
that two year period.

Still our end users will be using PPTP from home.  At least for awhile.

Jon Carnes
----- Original Message -----
From: "Christopher Gripp" <cgripp at axcelerant.com>
To: "Jon Carnes" <jonc at haht.com>; <vpn at securityfocus.com>
Sent: Wednesday, March 28, 2001 10:34 AM
Subject: RE: Re: VPN Endpoint security


> We got off on the wrong foot there.  Hadn't had my coffee yet!
>
> Being in the business of providing IPSec managed VPNs I am just trying
> to find out why people would consider using other alternatives.
>
> You mention routers.  Behind the Linksys?  You have some serious power
> users if they have multiple subnets at home!  How many endusers are we
> talking?  The cost of adding a box that could do IPSec and a true
> firewall, not just NAT (the NATural firewall, what a marketing
gimmick)
> at the box is only $400, a figure not significantly larger for MOST
> deployments.  The long term cost of managing the VPN is much more than
> the initial hardware installation.  And we find the cost of managing a
> software client on a PC is significantly more.  Additionally, having a
> device that does the VPN vs the PC gives a clear demarc to troublshoot
> from.  Instead of blurring the functionality in the PC where other
> problems could be the issue.
> 
> Not to say your solution isn't appropriate for your needs.
>
> Any insight would be appreciated!
>
> Chris Gripp
>
> -----Original Message-----
> From: Jon Carnes
> Sent: Wed 3/28/2001 7:25 AM
> To: Christopher Gripp
> Cc:
> Subject: Re: Re: VPN Endpoint security
>
>
>
> My friend, I challenge you to break into my VPN stream and find
> any data
> (much less any data of value).  And I mean you, not some
> nebulous unnamed
> person on the net.  Can YOU break my VPN and get any data?
>
> When you can, then come back and tell me that the security is
> not enough.
>
> Jon Carnes

VPN is sponsored by SecurityFocus.COM

VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list