Firewall Wizards mailing list archives
Re: VPNmadness gets more support;
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 9 Feb 2005 00:09:56 -0500 (EST)
On Tue, 8 Feb 2005, Dave Piscitello wrote:
And the alternative is, "send everything in clear text?", or the ever-popular, "don't connect!" Pure drivel.
I don't think that was the focus, was not what I read into the whole mess. At the same time vpn's, unless in a restricted small setup, do not scale well in an ability to provide any real sense of security by the threats most envs are faced with today. And many orgs still don't fully understand that their perimeter is expanded by trust boundaries.
It seems that all this report confirms is that, given choices for identity and authentication, people will always choose poorly. The reason VPNs come under fire is that they've been overhyped and as a result, what the technologies actually do accomplish is undermined by the unrealistic expectations any "panacea" accrues.
And yet they are rolled out to the masses as a 'solution'. When trust needs to expand, verification of some level of security policy compliance needs to be made part of the solution to actually accomplish anything in the sense of secure access/communications. I perhaps meat this out some in related replies and another thread on this topic, <see; to Avishai Wool;; Re: [fw-wiz] risk level associated with VPNs?>.
Thanks,
Ron DuFresne
On 2 Feb 2005 at 19:20, R. DuFresne wrote:
We asked about a year and a half ago <maybe two years ago even...> a number of folks on and off this list if our prediction that the use of VPN's resulted in our suspected hypotheses that 75% or more of all the VPN solutions in place actually did little or nothing to protect assets for those employing them, well, the percentage we claimed at the time should perhaps be boosted to 90%+ now eh:
February 01, vnunet.com - Virtual private networks (VPNs) are often the weakest security link, study says. A three-year research project by security firm NTA Monitor has concluded that nine out of 10 virtual private networks (VPNs) have exploitable vulnerabilities. Most of the companies that had their VPNs tested as part of the project thought that they were invulnerable to hackers, but researchers found the same types of flaw repeated across the whole product range. The report stated that, in some cases, VPNs were actually the weakest security link in an organization. The most widespread flaw involved the hacking of user names. Other vulnerabilities center around password cracking.
Report: http://www.nta-monitor.com/news/vpn-flaws/index.htm
Source: http://www.vnunet.com/news/1160912
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
...Love is the ultimate outlaw. It just won't adhere to rules. The most any of us can do is sign on as it's accomplice. Instead of vowing to honor and obey, maybe we should swear to aid and abet. That would mean that security is out of the question. The words "make" and "stay" become inappropriate. My love for you has no strings attached. I love you for free...
-Tom Robins <Still Life With Woodpecker>
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards