Re: VPN -- the next consumer "turnkey"?
- From: "frankdowling1@xxxxxxxxx" <frankdowling1@xxxxxxxxx>
- Date: 22 Dec 2005 00:25:44 -0800
How does this fit into the mix?
http://www.hamachi.cc/
Jeff Liebermann wrote:
> On Wed, 21 Dec 2005 19:28:10 GMT, "Eric" <none@xxxxxxxxxx> wrote:
>
> >It seems VPN is making its way into more and more of the consumer wireless
> >products. Wondering if eventually all the consumer junk will just
> >incorporate VPN and it'll be a standard "turnkey"?
>
> Yes, I think it will be a standard feature. What was stopping it from
> becoming commonplace was:
> 1. Limitations in CPU horsepower and available memory. VPN
> encryption and processing is a rather large resource hog. However,
> recent advances in processor performance, dedicated encryption chips,
> and cheap DRAM have made VPN more accessible to the GUM (great
> unwashed masses).
> 2. Lack of a standardized and free client. Windoze XP supports both
> IPSec and PPTP out of the box. With a little effort, L2TP also.
> However, configuration is complex, and Microsloth offers no
> diagnostics worthy of the name. 3rd party VPN clients work just fine,
> but cost money. I expect some dramatic improvements in the quality
> and ease of installation for VPN clients to come from the file sharing
> crowd, as they seem to be pioneering the technology at this time.
>
> >Q: Doing the VPN thing (software), is OTA encryption "really" needed?
>
> Nope. VPN encryption and replay prevention does a nice job of
> securing a wireless LAN. The local hospitals have such a system,
> where there is no encryption key, but you need a VPN client or SSL
> browser to use the system.
>
> >If my
> >thought process is right, it seems not using OTA encryption at all might
> >be an advantage if you are doing VPN, anyway. (Or, even just using WEP --
> >not to really add any "security", but simply just to make the wireless
> >network "appear" less attractive?)
>
> There are a few places where it's beneficial.
> 1. If you want to protect the initial connection to the VPN or SSL
> server URL or IP address. This is sent unencrypted.
>
> 2. If your access point has no provisions for preventing its use as a
> repeater. The local brats converted my neighborhood wireless LAN into
> their personal game network. None of the traffic hit the internet so
> the router was useless. They didn't even use TCP/IP as any protocol
> will go through a bridge. I eventually solved the problem by enabling
> "AP Protection" (which is really "client protection") and left
> encryption off.
>
> 3. Accidental connections are common. They don't really do any
> damage but they sure mess up my log files. Encryption will keep them
> out.
>
> 4. WPA Encryption is intimately entangled with authentication. If
> you need or want authentication outside the VPN, via perhaps a RADIUS
> server, then encryption might be a good idea to prevent sniffing and
> password recovery. Strictly speaking, VPN provides more than enough
> authentication so it's not really necessary unless you want both
> public and private access via a single access point. If you
> authenticate with the RADIUS server, you go to the internet but not the
> internal LAN. If you authenticate with the VPN, then you go to the
> internal LAN with a different gateway to the internet.
>
> --
> Jeff Liebermann jeffl@xxxxxxxxxxxxxxxxxxxxxx
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558