Firewall Wizards mailing list archives

RE: Opinions on VPN?


From: "Litney, Tom" <TLitney () caiso com>
Date: Mon, 19 Apr 1999 10:12:54 -0700


Assuming that this is not a troll, I would have to disagree.  VPN's are just
one of the tools in the security tool belt not the magic security silver
bullet.  VPN's as a concept do not "suck", in my opinion.  Indeed, they
perform a critical function in my overall security architecture.  But you
have to implement them with reason and understand the implications in
employing them.  VPN's have carved out a niche in the lower speed network
links (up to about T3 speeds).  They provide a method to encrypt traffic and
conceal it from curious eyes.  Several firewall implementations support point
to point VPN tunnels to protect internet traffic.  These tunnels terminate
on the firewall and then may pass unencrypted traffic to the internal
network.  You may also choose to allow encrypted traffic to pass through
your firewall based on a sufficient business case.  In that case you are
correct, it is hard to filter bad things out of traffic you can't read.
Sorry guy, security is a myth that we perpetrate on our user community.
There is no real security in a computer sense or in a personal sense.  We
all must be responsible for providing our own protection no matter what
controls we feel are in place.  Anyone who feels secure just because they
employ VPN's or any other security controls will learn a hard lesson in the
future.  Just my thoughts.

        Tom


        Hi folks,

        Just wanted to find out what other people's opinion is on 'VPN' as a
general idea? IMHO, the person who came up with the VPN idea should be
shot, because in most cases all VPNs do is create entry points into your
network (in most cases right past the firewall and sometimes in the
heart of your network). They also give admins a false sense of security:
the data is encrypted. But if 'rm -rf /' or 'cp porn.html index.html'
command -- so what?! That command (traffic) is still there!

        Am I alone in the opinion that VPNs mostly suck or is it just
because I tend to run into a lot of misconfigured Cisco routers which
do encrypt data, but also route packets from others into your net :(

-- Yan


