According to Mike Jones
> Frank Willoughby writes...
> > A note or two of interest about VPN's over the Internet:
> > o Many (most?) firewalls when performing firewall->firewall encryption
> > are only providing an IP encryption tunnel through the firewalls.
> > It is important to note that *NO* applications filtering is performed.
> > While this may offer protection from a MITM (Man-In-The-Middle) attack
> > (Internet, etc), it offers *NO* protection from the other entity's
> > network. A problem on their network is a problem on your network.
> This is a *very good* point. I was talking to a customer recently who
> manufactures snowmobile equipment and works with the likes of Polaris,
> Arctic Cat, etc., and who would like to exchange some pretty sensitive
> (trade secret) information with them over the Internet. They initially
> wanted me to come in and talk about VPN's and FW-FW encryption, but
> after I brought this point up to them they suddenly realized that
> end-to-end encryption with something like PGP is better for some
Have a look at the KarlBridge/KarlBrouter, this can do encrypted VPNs
(using proprietary software encryptin currently, DES on its way).
This will perform any filering BEFORE the tunnelling.
have a look at http://www.karlnet.com/ in the US
http://www.gbnet.net/kbridge/ in UK/Europe
home steve @
org * Flat 2, 43 Howitt Road, Belsize Pk, London NW3 4LU
work steve @
net * tel +44-(0)171 483 1169 FAX +44-(0)181 444 6103
www http://www.gbnet.net/ *
bits steve @
net * Orange mobile +44-(0)973 600050
Euro firewall info - send mail to majordomo @
net (subscribe firewalls-uk)