Brian Steele wrote:
>
> Good post. I'd like to add that any proposed replacement for PPTP be
> NT-based - I am certainly not interested in installing another OS on my LAN
> simply to provide VPN access, thereby substituting one potential security
> problem for another.
>
> Brian Steele
This reminds me of an old school janitor I knew. He always said "Duct
Tape and Angle Iron will fix anything". He ment it as a joke.
I fear that many NT "security" people feel the same way. They don't ask
what the problem is before they pull out the duct tape, angle iron, and
NT Server disk. This is a VERY BAD THING.
A person that purposly limits their options, is doing a disservice to
themselves and the company they work for. This is especialy bad when a
"security" person needs a "security" solution, but only looks at a set
of tools proven to be insecure. In this example, Microsoft has yet to
sucessfully create an encryption algorithm, but we have people locking
their options to one based in the Microsoft world.
I'm not here to start a debate on MS vs. *NIX... the point I'm making is
that I have yet to see a single OS provide every solution needed. Linux
is great, I use it quite a bit... but not for everything. BSD is very
good, I use it... bt not for everything, I even use *gulp* closed source
OSes like Solaris from time to time.
Brian, I'm not suggesting that you run to an Open Source solution... or
a UNIX solution, for any security project. I'm not going to tell you all
the reasons why NT is a Bad Idea for security. All I'm gonna say is that
it's never wise to lock out options before you find a solution.
As for options CISCO IPSEC VPN stuff can be had for $1100.00 or so...
PGP VPN is also a nice solution, NAI sells the suite for a small fee
(and you get all their other neat toys). I'm curious to know what
firewall tools are used at the site since some of those have VPN options
as well.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
