Firewall Wizards mailing list archives

Re: Opinions on VPN?


From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Sun, 18 Apr 1999 20:35:33 -0700




> Just wanted to find out what other people's opinion on 'VPN' as a
> general idea? IMHO, the person who came up with the VPN idea should be
> shot, because in most cases all VPNs do is create entry points into your
> network (in most cases right past the firewall and sometimes in the
> heart of your network).

Depends... if you've outlawed remote-access entirely, then VPNs
shouldn't be allowed either (remote-access VPNs, at least.)
If you allow people to use modems to get into your network,
then a VPN may be an improvement in security.

Depends on whether you're more worried about people who
can crack the phone company or frame carrier vs. people who
can crack encryption or client machines on the Internet.  Don't allow
yourself to think the phone company or frame carrier is secure.

WAN-replacement VPNs are an improvement over unencrypted
WAN links.  You don't have to trust your WAN provider anymore.

The point of VPNs is to reduce costs, of course.  The security
administrator's job is to weigh the risk vs. costs.  Hopefully,
you can approach the best of both worlds.

> They also give admins false sense of security:
> the data is encrypted. But if 'rm -rf /' or 'cp porn.html index.html'
> command -- so what?! That command (traffic) is still there!

Someone thinks that encrypting traffic removes one's ability
to delete or copy files?

> Am I alone in the opinion that VPNs mostly suck or is it just
> because I tend to run into a lot of misconfigured cisco routers which
> do encrypt data, but also route packets from others into your net :(

There are risks with VPNs, as with any technology.  I'll be saving about
a million bucks this year with my VPN implementation.  I wouldn't
have been doing my job if I didn't weigh that against my
security risks.

                         Ryan





