Firewalls: Re: VPNs and PPTP

Firewalls
(August 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: VPNs and PPTP
From:	Frank Darden <fdarden @ locked . com>
Date:	Sat, 30 Aug 1997 14:38:26 -0400
To:	Randy B Lymn <rblim @ aht . com>, Carlos Eduardo Miranda Zottman <24279 @ hades01 . stj . gov . br>
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<340734D3 . 15FB7483 @ aht . com>
References:	<199708281806 . PAA15302 @ melpomene . stj . gov . br>

At 01:45 PM 8/29/97 -0700, Randy B Lymn wrote:
>Carlos Eduardo Miranda Zottman wrote:
>> 
>> Hello everybody!
>> 
>> I would like some comments on the following issues:
>> 
>> 1) Is it safe enough to build a Virtual Private Network over the
>> Internet, considering the main aspect of data confidentiality, with the
>> solutions available today? If so, wich solutions are recomended?
supposedly so. Of course, any mismanaged solution will be unsafe. Implement
carefully!


>How about VPN solutions(based on IETF socket 5) from Aventail in
>Seattle? I heard them clarify VPN over the Internet with security
>guaranteed... , 
I would be very reluctant to roll out a bunch of "PC" based servers to sit
between corporate and a remote sites router, as aventail depicts. They are
one of the many "software vpn" solutions available on the market. This is
not to say that their product is either good or bad, I just dont think the
management aspect of such a solution is a reality unless you are only using
1 or 2 paris of these things. 

>
>I would like to see some comments on Aventail VPN products. Any ideas?
I would HIGHLY recommend that you look into Timestep http://www.timestep.com
Timestep Manufactures a hardware based VPN solution that seems to be pretty
decent - Assuming your lan is 10-base-t! I did an eval not too long ago
with VPN solutions. What what I could see, all these products have a long
way to go before they become mainstream.. When evaluating these products,
look for standards compliance (ISAKMP/OAKLEY, SKIP IPSEC, DES,  RSA, etc.)
Again, if its for a small project thats not going to grow, you could
potentially go with any point solution. I prefer a hardware based solid
state box, but then again, I was looking at enterprise wide solutions. 

Hope this helps,

Frank

>> Thanks in advance,
>> 
>> Carlos Zottmann
>> zottmann @
 stj .
 gov .
 br
>> 
>>     ---------------------------------------------------------------
>> 
>>                      Name: WINMAIL.DAT
>>                      Type: unspecified type
>>    Part 1.2                (application/octet-stream)
>>                  Encoding: base64
>>               Description: WINMAIL.DAT
>Randy B. Lim
>
Mission Critical Systems, Inc. 
Network Security Specialists
(954)568-3008
http://www.locked.com
email for PGP key

References:

VPNs and PPTP
From: "Carlos Eduardo Miranda Zottman" <24279 @ hades01 . stj . gov . br>
Re: VPNs and PPTP
From: Randy B Lymn <rblim @ aht . com>

Indexed By Date	Previous:	Re: credit card fraud From: Inno Eroraha <eroraha @ tis . com>
Indexed By Date	Next:	Re: Remote Firewall Penetration Testing From: Frank Willoughby <frankw @ in . net>
Indexed By Thread	Previous:	Re: VPNs and PPTP From: Randy B Lymn <rblim @ aht . com>
Indexed By Thread	Next:	RE: VPNs and PPTP From: Psihoyios Panayiotes <ppsihoyios @ techno . hol . gr>