Are there any firewalls that would allow building secure virtual private
networks (VPN) and are available in Europe?
Most of the firewalls are made in or shipped from the USA, which means the
encryption they use is weak and easily breakable. No encryption software
that is actually strong is allowed to be exported from the US, that's a fact.
And I don't believe this will change in the nearest years.
This is especially bad with Firewall-1, which uses a proprietary algorithm
FWZ1, which they do not want to give any details on. And as the key size
is 48 bits, I don't believe it is not secure enough for places where you
want to be really certain what you are doing. Although the Firewall-1 VPN
solution is otherwise a very nice product, this weak encryption makes it
unusable. This also applies to all the other firewall products that come
from the US. So are there some non-US tunneling products that we could use?
F-Secure SSH is one solution that could be used for encrypting
connections, but I am not so sure how I should handle using it together
with the firewall. Allowing all the connections to port 22 lets many
services past the firewall, which means you should configure part of the
allowed services in SSH Server (as it allows TCP port forwarding).
F-Secure VPN, which will be available in the near future, requires a
separate PC to run the software. I am not sure this is a good idea,
compared to running the VPN on the firewall server.
So are there any suggestions what to do? Use insecure crippled encryption
and take the risk that nobody will bother to decrypt the packets? Wait for
new products to be available?
Juri Kaljundi
jk @ stallion . ee
http://www.stallion.ee/
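
The concern above, that opening port 22 lets TCP port forwarding carry services past the firewall, can be checked on the SSH server side. This is an added example, not part of the original post: it assumes an OpenSSH-style sshd_config (AllowTcpForwarding and PermitOpen keywords) rather than F-Secure SSH, and the host names, sample configs and function names are constructed.

```python
# Added example: audit OpenSSH sshd_config global settings for local TCP forwarding.
# All host names and both sample configs are constructed for illustration.

def forwarding_policy(config_text):
    """Return (local_forwarding_allowed, destinations); destinations is
    None when any host:port may be reached through the tunnel."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        key, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if key == "match":
            break  # conditional overrides are not evaluated here
        settings.setdefault(key, args)  # sshd keeps the first value per keyword
    mode = settings.get("allowtcpforwarding", ["yes"])[0]
    dests = settings.get("permitopen", ["any"])
    if mode not in ("yes", "all", "local") or dests == ["none"]:
        return (False, [])
    if "any" in dests:
        return (True, None)
    return (True, dests)

def unapproved_destinations(config_text, approved):
    """List forwardable destinations missing from the firewall's approved set;
    ["*"] means forwarding is unrestricted."""
    allowed, dests = forwarding_policy(config_text)
    if not allowed:
        return []
    if dests is None:
        return ["*"]
    return [d for d in dests if d not in approved]

WEAK = "Port 22\nPermitRootLogin no\n"  # defaults: forwarding to anywhere
HARDENED = """Port 22
AllowTcpForwarding local
PermitOpen mail.internal.example:25 intranet.internal.example:80
"""
APPROVED = {"mail.internal.example:25"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, unapproved_destinations(cfg, APPROVED))
```

Match blocks are not evaluated, so per-user or per-address overrides in a real configuration need a separate review.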