On Thu, Mar 13, 2003 at 04:55:16PM +1100, Adam W wrote:

> Just on this topic of VPNs. I have been meaning to ask everybody. How
> secure are VPNs in terms of packet sniffers/encryption etc. The company

This is a "how long is a piece of string" question.  It all depends
upon the encryption used, the strength of the keys and key management,
authentication and access control and the security of the VPN server and
client.

The weakest point is probably the client machine.  How many users
(especially Windows users) secure their machines?  Cisco's VPN client
(and maybe others) blocks *all* external network access to the machine
it's running on as a protection against an attack on the VPN via a
remote client.

Read through some of the info on the VPN site (http://cpn.shmoo.com/)
for a more detailed explanation of the strengths and weaknesses of various
VPN solutions.

> This isn't to say we haven't got VPN access - they have set up a win2k
> server to do this, though they make everyone use citrix nFuse (over a
> 128-bit SSL connection), and only special people (like me :) get to use a
> VPN.

You can run your VPN over SSL so you can tell the PHBs that it's as
secure as Citrix :-)  There's a chapter on ppp over ssl in the Linux
VPN book I referred to earlier.  I haven't read it all, but from what I
have read it appears that ppp over ssh is easier to set up and
troubleshoot and at least as secure.


Cheers,

John
-- 
whois [EMAIL PROTECTED]
GPG key id: 0xD59C360F
http://kirriwa.net/john/
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
