Re: SSL vs IPSec VPNs

[Kerry <kerry.milestone () gmail com>]

Remembering that with IPv6, IPSec is part of the protocol it may make
sense to use IPsec and at the same time a good chance for yourself to
gather learning about how it works.

From:  http://ipv6.com/articles/security/IPsec.htm

IPsec is a mandatory component for IPv6, and therefore, the IPsec
security model is required to be supported for all IPv6
implementations in near future. In IPv6, IPsec is implemented using
the AH authentication header and the ESP extension header. Since at
the present moment, IPv4 IPsec is available in nearly all client and
server OS platforms, the IPSec IPv6 advanced security can be deployed
by IT administrators immediately, without changing applications or
networks.


-------- Original Message --------
Subject: [Pauldotcom] SSL vs IPSec VPNs
Date: Tue, 19 Oct 2010 09:41:05 -0400
From: Michael Douglas <mick () pauldotcom com>
Reply-To: PaulDotCom Security Weekly Mailing
List    <pauldotcom () mail pauldotcom com>
To: pauldotcom () pdc-mail pauldotcom com

Hey all,

I'm trying to determine what protocols should be permitted on a new
VPN concentrator.

I'd like to stick with IPSec, it's tried and true, and to quote Garth:
"We fear change".  However, it seems that all the vendors are going
down the SSL route.  Now I know SSL is 'safe', but it seems like it's
more open to attacks like SSLStrip (thanks again Moxie for making us
aware of the problems!)  I get that SSL is easier for administrators
and end users alike, but is that convenience at too high a cost?

So what are your thoughts?  Am I being too paranoid?  If there are
articles or places where I should RTFM, that's cool... I just need to
know what FM to read!!  Please send the links/info  ;-)


Thanks for your input, and have a nice day!
- Mick
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com