Firewall Wizards mailing list archives
Re: Question about L2F tunnels
From: Bill Pennington <billp () rocketcash com>
Date: Thu, 20 Apr 2000 20:01:14 -0700
I would yes, absolutely yes. If you are doing financial transactions then I would think you would want the highest level of protection possible. I would guess the the tunnels security could be breached several ways, an "inside" job as in someone at your ISPs NOC sniffing your tunnel. Another possibility is some breaches your ISPs security and sniffs the tunnel. In both cases if you are encrypted you are protected. "Michele M. Jordan" wrote:
Okay, I had a major provider who is doing Access VPNs tell a customer this: It is their statement that encryption is not necessary since it is not leaving the <provider's> network. The tunnel will provide the necessary security is their position. I then asked her if security wasn't necessary, then why do we need the tunnel? She said to that: "well the tunnel provides the necessary security, so encryption isn't necessary since it is going from router to router and that's the only connection that is possible. This is financial data via a dial-up to a provider pop, provider forwards an L2F tunnel request to my customer, my customer accepts the tunnel request, authenticates via remote Radius, and then initiates the tunnel. If we did do encryption, it would need to be from the provider pop to my customer's router. I think encryption is necessary, what do you think? -Michele
-- Bill Pennington Senior IT Manager Rocketcash billp () rocketcash com http://www.rocketcash.com
Current thread:
- Question about L2F tunnels Michele M. Jordan (Apr 20)
- Re: Question about L2F tunnels Aaron Turner (Apr 20)
- Re: Question about L2F tunnels Bill Pennington (Apr 21)