Just a little .... slap on the wrist :-P
Merton Campbell Crockett wrote:
>
> L2TP is interesting from a security perspective as it isolates the system
> from its current network and connects it to the target network. Once the
> connection is established to the target network, all connectivity is lost
> to the local network, i.e. any mapped drives are unreachable as are any
> shared devices such as printers.
>
> Voila! None of the back channel problems of IPsec.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
IPsec implementations do not have back channel problems unless
you configure them to have back channel problems.
It is completely possible to divert ALL traffic to the IPsec connection
("VPN tunnel"), the same way it is possible to establish a connection
only for a single port and forward all other traffic in plain text.
Flexibility does not automagically mean insecurity.
I for one would rather be able to choose which way best fits my
needs (and security model).
Just my $.02
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]