VPN Endpoint security

msenkbeil at c-gconsulting.com msenkbeil at c-gconsulting.com
Fri Jan 4 00:30:02 EST 2008



Wow, that Jon Carnes is quite an ornery guy.  Sounds like the typical cheap
IT manager I run into in the business.


I really don't think of myself as typical, but perhaps I am.  I know that
the folks in my company really appreciate my good business sense as well as
my technical savvy.  In truth, I do not waste my company's money or
resources (feel free to call that being cheap).  I do deliver targeted
solutions to specific problems.  Part of those solutions is longevity.

I already have several VPN solutions in place that work for my company.
These legacy systems work superbly and cost much less than any solution I
have seen either of you mention.  The value-add of IPSec devices grows
daily, and the prices drop.  I am patient.




I too am looking for the ultimate home gateway that can do basic, true
firewalling and act as an IPSec client itself, allowing routing for home
devices like PCs and IP phones.  $400 is about the best I can find.  I've
seen the 3Com OfficeConnect Firewall 25 plus a 10 user VPN client do the
job.  Have you seen other devices?

I agree that the $400 up front is far cheaper than using a PC client, not to
mention it won't even allow flexibility of other IP devices like the IP
phone to participate in the VPN connection.


I disagree with you here, but then I have actually done the tests.  I would
rather spend $100 on a LinkSys Router and gain the same benefit for my
employees.  The reason I'm willing to pay more for the LinkSys (over say
Zone Alarm) is that I like the value-add of separating the security/firewall
from the user's box, and I especially like the easy configuration and low
maintenance.


Please don't forward this to the list or to Jon.  Thanks.

Michael L. Senkbeil, CNE, MCSE
C&G Consulting
http://www.c-gconsulting.com
Work: (262) 522-8248   Fax: (262) 522-8228
----- Forwarded by Michael Senkbeil/c-g on 03/28/2001 02:39 PM -----

Now you are talking sense.

Yes, there is a value-add to having the router, firewall, and vpn all rolled
into one hardware device that can be centrally managed.  At $400 it is too
expensive for use by our individual users, but well under what we would
spend to bring one of our satellite offices on-line.

This would be a good substitute for our current scheme of connecting
satellites via IPTunnel/SecureShell.  Indeed I looked at doing so just
recently and was very disappointed at the currently available technology and
cost.

I anticipate the technology maturing, and the price dropping dramatically
over the next two years.  So look for us to move to IPSec sometime within
that two year period.

Still our end users will be using PPTP from home.  At least for awhile.

Jon Carnes
----- Original Message -----
From: "Christopher Gripp" <cgripp at axcelerant.com>
To: "Jon Carnes" <jonc at haht.com>; <vpn at securityfocus.com>
Sent: Wednesday, March 28, 2001 10:34 AM
Subject: RE: Re: VPN Endpoint security


> We got off on the wrong foot there.  Hadn't had my coffee yet!
>
> Being in the business of providing IPSec managed VPNs I am just trying
> to find out why people would consider using other alternatives.
>
> You mention routers.  Behind the Linksys?  You have some serious power
> users if they have multiple subnets at home!  How many endusers are we
> talking?  The cost of adding a box that could do IPSec and a true
> firewall, not just NAT (the NATural firewall, what a marketing gimmick)
> at the box is only $400, a figure not significantly larger for MOST
> deployments.  The long term cost of managing the VPN is much more than
> the initial hardware installation.  And we find the cost of managing a
> software client on a PC is significantly more.  Additionally, having a
> device that does the VPN vs the PC gives a clear demarc to troubleshoot
> from.  Instead of blurring the functionality in the PC where other
> problems could be the issue.
>
> Not to say your solution isn't appropriate for your needs.
>
> Any insight would be appreciated!
>
> Chris Gripp
>
> -----Original Message-----
> From: Jon Carnes
> Sent: Wed 3/28/2001 7:25 AM
> To: Christopher Gripp
> Cc:
> Subject: Re: Re: VPN Endpoint security
>
>
>
> My friend, I challenge you to break into my VPN stream and find any data
> (much less any data of value).  And I mean you, not some nebulous unnamed
> person on the net.  Can YOU break my VPN and get any data?
>
> When you can, then come back and tell me that the security is not enough.
>
> Jon Carnes

VPN is sponsored by SecurityFocus.COM




Just a point for comparison: the words "same benefit" are used below. As I
understand, the Linksys routers don't supply outbound packet filtering via
port/application, which is a huge security differentiator between them and
host based firewalls. Perhaps I've overlooked this feature.

Also, other items that we're needing to consider are those times when a
laptop user (VPN tunnel mode) is on dial-up, or the quite popular now hotel
LAN.  Though they are great for home offices with multiple PCs, the Linksys
doesn't address the scenarios above.

I agree with most of what you guys have said and really appreciate your
input.  I think both hardware and software solutions have their place.

Byron

-----Original Message-----
From: Jon Carnes [mailto:jonc at HAHT.COM]
Sent: Wednesday, March 28, 2001 1:21 PM
To: VPN at SECURITYFOCUS.COM
Subject: Re: VPN Endpoint security

Maybe you meant to send this to Christopher Gripp...
