“think sanely about security rant”

I love it.  The world needs more of this.

A lot of security nonsense we hear from self-important experts reminds me of 
the steel door I once saw with an impressive deadbolt but the hinge pins on the 
outside.  Like the people worrying endlessly about man-in-the-middle hackers 
but you can reset their email password with their pet’s name and reset 
everything else once you control their email account.  Social engineering is 
behind most security breaches.  Once you are on the inside, you don’t need to 
be in the middle.  No, you were not hacked, you were stupid and you were 
scammed, but calling that hacking is an insult to hackers.


From: Tyler Treat 
Sent: Thursday, December 24, 2015 11:32 AM
To: af@afmug.com 
Subject: Re: [AFMUG] Tik to Tik VPN: best trade off between performance and 
security



love this. 




--------------------------------------------------------------------------------

From: Af <af-boun...@afmug.com> on behalf of Joshaven Mailing Lists 
<lis...@joshaven.com>
Sent: Thursday, December 24, 2015 11:05 AM
To: af@afmug.com
Subject: Re: [AFMUG] Tik to Tik VPN: best trade off between performance and 
security 

PPTP has lower encryption levels than most and uses basic user/pass to encrypt 
and not large keys… however calling it insecure is throwing much more mud on 
the face of PPTP than it deserves.  It is not even remotely close to no 
encryption which isn’t insecure because encryption is no more equal to security 
than having a bank account is equal to being rich… the user can receive a key 
logger virus through an encrypted tunnel just as easily as a non-encrypted 
tunnel and even an unencrypted tunnel cannot be interfered with if you cannot 
access the stream of data in-between the endpoints.

Ultimately I expect that if someone is going to breach a system then they 
will probably do it regardless of the encryption level of a tunnel.  So… if you 
want to be able to VPN into a router simply then I see no harm in PPTP unless 
you expect a hacker sitting in the middle of your tunnel just waiting to brute 
force decrypt the captured packets… If you are interconnecting two bank 
branches then first off the applications should be responsible for the data 
security but it is still a good idea to use something with the highest level of 
security.

Sometimes PPTP is still a good option, sometimes better encryption is a good 
idea.  However, tunnel encryption is never an excuse to allow data access to 
unauthorized users so the application's accessibility is what should really be 
our concern.

Sorry, I’m on my think sanely about security rant… done now. 


Sincerely,
Joshaven Potter
Google Hangouts: j...@g2wireless.co
Cell & SMS: 1-517-607-9370
supp...@joshaven.com




  On Dec 22, 2015, at 8:43 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:

  I don't know if ipsec is hardware offloaded on Mikrotik, but if it is it's 
probably your best bet. EoIP does have a performance/overhead hit.. Wasn't 
there something fairly recent about eoip+ipsec? PPTP is NOT security any more 
than WEP is. Most opensource products have removed it at this point - shame on 
MikroTik for not following suit.

  On Dec 22, 2015 7:37 PM, "Mathew Howard" <mhoward...@gmail.com> wrote:

    You apparently can do encryption on EOIP now... I haven't tried it though, 
so I have no idea if it actually works or if it spoils the simplicity part...

    On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman <j...@imaginenetworksllc.com> 
wrote:

      EOIP wouldn't be encrypted...



      Josh Luthman
      Office: 937-552-2340
      Direct: 937-552-2343
      1100 Wayne St
      Suite 1337
      Troy, OH 45373


      On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat 
<tyler.tr...@cornbelttech.com> wrote:

        If only EOIP.  Damn I love the simplicity.  

        On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com> 
wrote:


          OVPN probably?  Not sure about IPSec on the CCR.



          Josh Luthman
          Office: 937-552-2340
          Direct: 937-552-2343
          1100 Wayne St
          Suite 1337
          Troy, OH 45373


          On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat 
<tyler.tr...@cornbelttech.com> wrote:

            Tunneling between 2 sites, not trying to bridge a single subnet or 
any nonsense like that.  Well connected on either end.

            Which style of tunnel is going to provide the best security vs 
performance value.

            Thinking CCR as a concentrator with 2011's or crs125's at end 
points.

            Feedback appreciated.

            Thanks!
            Tyler

            ___________________________
            Mangled by my iPhone.
            ___________________________
            Tyler Treat
            Corn Belt Technologies, Inc.
            tyler.tr...@cornbelttech.com
            ___________________________




