"Derek D. Martin" wrote:

> But when setting up such a system, you also need to consider what
> level of risk is acceptable, and how much you are willing to pay to
> keep your data secure.  For most circumstances, a key length of 4096
> bits is just silly, and you should know that before you go ahead and
> select it.  If you really NEED that level of protection, chances are
> you can afford the hardware that you'll need to pull it off.

I won't use anything less than 4096-bit for authentication keys. To
some, that may be considered overkill, but to me it's plain old common
sense. I'm not just protecting my home network, I'm protecting the
network of the company that I am connecting to, the networks of the
companies that the company I am connecting to does business with, all of
the intellectual property that all of these companies entrust to one
another, and so on, and so on, and scooby dooby dooby.... Yes, I know:
"At some point the universe itself is a single point of failure".
However, I refuse to contribute to the apathy that causes most cracks.
 
> Also, in the context of the original poster's message, does this make
> any sense?  I'm still not really sure what Ferenc wanted to do either,
> but from the sounds of it he just wanted to connect one network to the
> outside world (either to the internet via NAT firewall, or perhaps to
> a corporate VPN).  We're probably not talking about anything even
> close to the level of activity you're describing, and you yourself
> told me that a single P75 would perform acceptably both as a firewall
> and as the endpoint of a single VPN tunnel.

I'll do this in reverse order:

Yes, a P75 would perform just fine as a firewall and VPN gateway for
you. On *YOUR* end. However, that P75 is *NOT* acting as a corporate
firewall. Nor is it handling a large amount of traffic. It also isn't
handling multiple tunnels. 

As for does this make sense, yes, it does. The question was how to
connect a system to a corporate firewall, and FreeS/WAN was an example
given. There are always two ends to the VPN tunnel. On the end user's
side, there really aren't too many things to worry about as far as
system hardware. On the corporate side, however, there are a lot of
things that need to be considered. Especially what to do if it doesn't
"Just Work"(TM) and the firewall goes down. 

Kenny
