Firewall Wizards mailing list archives

Re: Why VPNs aren't magic silver bullet solutions


From: "Volker Tanger" <Volker.Tanger () globalone net>
Date: Wed, 30 Aug 2000 10:59:32 +0200

Greetings!

marty wrote:

VPNs are _very_ useful, if used right. As I said, they're
the equivalent of a heavily guarded point-to-point line.

but, coming back to my point, where are the pros/cons that will help
you decide between application level security and a VPN?

Unencrypted VPNs only increase the number of networks which can be
connected via the same backbone. You can connect hundreds of 10.0.0.0/8
networks via the same (unencrypted) VPN-backbone cloud without
interference (except performance). Unencrypted VPN does NOT add any
security!

Encrypted VPNs are good for connecting two (or more) equally trusted
LANs (e.g. of remote offices) via an insecure network (e.g. internet).
Please note the "equally trusted" here!  With VPN you will have no
differentiation between the two end point( network)s with respect to
services available.

Application (or even IP) level security provides a filter mechanism
between networks with different trust (e.g. internal network and
internet).

In real-world terms VPN is your private (maybe arm(our)ed) messenger
service whereas an IP security gateway compares to a door guard. And as
you most often can contract messenger and security personnel from the
same company, you will often find VPN and IP security gateway available
from the same company too - quite probably bundled into one product.

Bye
    Volker

--

Volker Tanger  <volker.tanger () globalone net>
--------------------------------------------
Sr. Security Engineer  Tel. +49-69-92901-570
--------------------------------------------
Global One
  Global Security
    Global Service Engineering



_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

