You are right... sort of. VPN and SSL arent the same thing at all so it's a bad comparison. I wasn't comparing the two or saying use one OVER the other. I did just sort of throw that in there though so sorry for not clarifying.
Using VPNs on the local network (and to tunnel to offsite machines that you are able to do so with) will encrypt that traffic... making it more secure than unencrypted ;-) But from what I've read about VPNs and MS's challenge handshake authentication, usernames are sent in CLEAR TEXT (WHAT!? I haven't proven that for myself) so you're already halfway through a bruteforce of the complete login criteria. So yeah, you are right in that it may not be very reliable. But I wouldn't call it overkill since it's more reliable than say... nothing. -----Original Message----- From: Tom Chiverton [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 04, 2006 10:14 AM To: CF-Talk Subject: Re: Break it down for n00bs: security problems of non-SSL intranet? On Monday 02 October 2006 20:02, Bobby Hartsfield wrote: > ....VPN is your friend. :-) Typically, a VPN isn't any more reliable from a security PoV than SSL, and most of the time is overkill anyway. -- Tom Chiverton Helping to completely grow market-driven environments **************************************************** This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at St James's Court Brown Street Manchester M2 2JF. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by the Law Society. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 8008. For more information about Halliwells LLP visit www.halliwells.com. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255419 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
