RE: (IPSec alternatives)

From: Truman, Michelle, RTSLS (mtruman@att.com)
Date: Thu Jun 12 2003 - 16:31:46 GMT-3


:-) I'm ok with the point that NOTHING is ultimately hack proof. I think the sooner people realize that, the sooner they adopt better security practices.

Of course, backhoe hacks are always a possibility anyway, so you have to consider reliability to be as important as security since either one can result in lost availability.

Michelle Truman CCIE # 8098
Principal Technical Consultant
AT&T Solutions Center
mailto:mtruman@att.com
Work: 651-998-0949

-----Original Message-----
From: McCallum, Robert [mailto:Robert.McCallum@let-it-be-thus.com]
Sent: Thursday, June 12, 2003 2:25 PM
To: Truman, Michelle, RTSLS; Peter van Oene; ccielab@groupstudy.com
Subject: RE: (IPSec alternatives)

obviously it would take me much longer to travel to your fibre location ;-?

> -----Original Message-----
> From: Truman, Michelle, RTSLS [mailto:mtruman@att.com]
> Sent: 12 June 2003 17:58
> To: Peter van Oene; ccielab@groupstudy.com
> Subject: RE: (IPSec alternatives)
>
>
> The only thing that protects you from the provider is dark fiber and
> private line. Beyond that, you are on a partitioned network. Many
> thousands of folks have been comfortable with frame and atm. VRF is no
> different. You have vulnerability in the provisioning process, so you
> better be with a carrier who has systems designed to scale provisioning
> and safeguards for provisioning errors.
>
>
>
> Michelle Truman CCIE # 8098
> Principal Technical Consultant
> AT&T Solutions Center
> mailto:mtruman@att.com
> Work: 651-998-0949
>
> -----Original Message-----
> From: Peter van Oene [mailto:pvo@usermail.com]
> Sent: Thursday, June 12, 2003 9:31 AM
> To: 'ccielab@groupstudy.com'
> Subject: RE: (IPSec alternatives)
>
>
> At 08:33 AM 6/12/2003 +0100, McCallum, Robert wrote:
> >why use IPSEC, don't you trust MPLS vrfs?
>
> VRFs do not protect you from the provider, or any intermediary providers
> in a carrier of carrier networks. I imagine some folks might be
> uncomfortable with this.
>
> Pete
>
>
> > > -----Original Message-----
> > > From: Howard C. Berkowitz [mailto:hcb@gettcomm.com]
> > > Sent: 11 June 2003 23:06
> > > To: 'ccielab@groupstudy.com'
> > > Subject: Re: (IPSec alternatives)
> > >
> > >
> > > At 8:57 PM +0100 6/11/03, R&S Groupstudy wrote:
> > > >Hi,
> > > >
> > > >Please can I hear people's views on the following:
> > > >
> > > >I want to connect three sites together via the internet. (I just made
> > > >this up)
> > >
> > > Before going farther, you need to do a bit more defining of the
> > > problem you want to solve, as well as the technology. I think of VPDN
> > > as virtual private dial network, so where is the dialing if you are
> > > running over the Internet? To the ISP?
> > >
> > > Are there other kinds of data not requiring security that need to go
> > > over the same tunnels, which would be a reason for GRE?
> > >
> > > Where is the IPSec encryption taking place? Hosts? Your
> > > gateways? ISP gateways?
> > >
> > > >
> > > >I have FW IOS feature set routers .
> > > >
> > > >what are the pros and cons of implementing
> > > >
> > > >1. native IPSEC
> > > >2. IPSEC over GRE tunnels
> > > >3. IPsec using VPDN peering between routers.
> > > >
> > > >cheers
> > > >
> > > >Adam



This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:57 GMT-3