From owner-freebsd-questions@FreeBSD.ORG Wed Jun 6 12:54:40 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0FF4F16A468 for ; Wed, 6 Jun 2007 12:54:40 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [66.111.4.25]) by mx1.freebsd.org (Postfix) with ESMTP id DCB2013C469 for ; Wed, 6 Jun 2007 12:54:39 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id 713102372EF; Wed, 6 Jun 2007 08:54:39 -0400 (EDT) Received: from heartbeat2.messagingengine.com ([10.202.2.161]) by compute1.internal (MEProxy); Wed, 06 Jun 2007 08:54:39 -0400 X-Sasl-enc: SlhgNia996tohGd6THNu3Bg43r+5aQkJ6wrHrdZNx6bg 1181134479 Received: from [10.1.10.136] (n114.ewd.goldmark.org [72.64.118.114]) by mail.messagingengine.com (Postfix) with ESMTP id 27DC310B11; Wed, 6 Jun 2007 08:54:39 -0400 (EDT) In-Reply-To: <000a01c7a819$f782c620$e6885260$@co.za> References: <000a01c7a819$f782c620$e6885260$@co.za> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <28389A6A-445D-4A28-A54D-BBB0A6BF46AD@goldmark.org> Content-Transfer-Encoding: 7bit From: Jeffrey Goldberg Date: Wed, 6 Jun 2007 07:54:37 -0500 To: Steven X-Mailer: Apple Mail (2.752.2) Cc: freebsd-questions@freebsd.org Subject: Re: how secure is a VPN X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jun 2007 12:54:40 -0000 On Jun 6, 2007, at 4:06 AM, Steven wrote: > I have setup various VPN links using a variety of routers and > configurations, and always been under the assumption that they are > fairly > well secured if setup correctly. Now I understand that the level of > security will differ depending on your particular setup. However I > guy I > know who runs a rather large ISP claims that under the current SA > infrastructure VPN's are simply not secure at all. > > Does anybody have any thoughts on this, am I blissfully unaware, is > there > some truth behind this? I think that people saying it is secure and people saying it isn't secure are talking about different things. Most VPN set-ups do what they are supposed to do "securely". But often what they are supposed to do is "insecure". What I mean by the latter is that they often allow unsecured home machines which may be compromised in many different ways join a "secure" remote internal network. That is, people typically use VPNs to allow external machines (or networks) to join a local network. That's what they do. But allowing that can be very insecure. Basically it is important to by distrustful of hosts on the VPN. Again, I'm just guessing at what might be behind the seemingly contradictory claims that you've heard. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/