*>>**If we have to run vpn over the top of it then the provider isn't providing what you are paying for.*
Better safe than sorry. Think of any multi-tenant hosting environment. Regardless of how assuring the vendor is with the customer, do you suppose that 100% of the traffic traverse completely separate and distinct physical infrastructure? If there is shared infrastructure, do you fully trust that the logical separation that is employed will address both accidental and deliberate tampering by someone at the vendor? What happens with an innocent configuration change that lets data from two tenants go through the same area for some period of time? Encryption "costs" less and less these days in terms of performance penalty. There no real reason not to do it for the vast majority of cases... -ASB: http://XeeSM.com/AndrewBaker On Thu, May 13, 2010 at 7:34 PM, James Hill <[email protected]>wrote: > If our governments can intercept/inspect encrypted traffic (which I'm told > they can) then other less trustworthy people(although depending on where you > live, the government may fall into that category too) can as well. > > Once data leaves your physical premises it really is in the hands of > whoever has access to the various paths along the way to its destination. > > I don't think cleartext Telnet and email are a fair comparison. Those > things were never advertised as secure. I'm talking about using a network > that is supposed to be private/secure provided by a company that we are > paying for this service. If we have to run vpn over the top of it then the > provider isn't providing what you are paying for. > > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Friday, 14 May 2010 9:19 AM > To: NT System Admin Issues > Subject: Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN > question) > > On Thu, May 13, 2010 at 5:53 PM, James Hill <[email protected]> > wrote: > > However if you feel you have to run a vpn then I'd say get a better > provider. > > I'd rather be safe than sorry. People used to think cleartext Telnet > wasn't worth worrying about either. Or email. Or whatever. > They've always been proved wrong in time. I don't want my employer to be > the next statistic. Especially given that industrial espionage is > increasing at an astronomical pace. All it would take is one guy working at > the carrier getting paid off by the Chinese. (Or the CIA, if you're not > US.) > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
