Re: vpn tunnel security





"Brian V" <diespammer@xxxxxxxxxx> wrote in message news:apOdncDYK8vKxtbanZ2dnUVZ_t6onZ2d@xxxxxxxxxxxxxx

"sali" <sali@xxxxxxxxxx> wrote in message news:fifkrq$56p$1@xxxxxxxxxxxxxxxxx
we have a vpn corporate network with cisco/1721 and cisco/805 routers over the internet
since it is quite old equipment, can somebody advise how secure those tunnels going over the internet are today?
thnx

Both pieces of equipment are EOL/EOS, which means they are running outdated software that most certainly has vulnerabilities.



"sali" <sali@xxxxxxxxxx> wrote in message news:fifob5$66n$1@xxxxxxxxxxxxxxxxx
well, they were quite expensive, and for many years they have worked quite well [we simply have a star topology, with static routes, no dynamic connections coming from outside]

since they are outdated eol/eos, does it mean they have to be replaced with new [also expensive] ones, or can we simply wait until some of them experience some fatal hw shock, and be replaced then?

i am in the process of interrogating my network and trying to estimate potential threats and cost analysis

any experience and advice is helpful
thnx

Please don't top post, it makes it very difficult for people to read and respond to the threads.

A simple "Star" topology would be referring to a private infrastructure, not a publicly facing VPN setup. If by star you are referring to the VPN tunnels that you have, then yes, without question you should be running modern updated equipment running current software. As attack signatures and vulnerabilities are introduced, vendors bring out updated software to address those attacks. On your outdated equipment those vulnerabilities still exist and can be exploited. Internal routers are a different story in my opinion; those can run "older" software as they are not public facing and do not face the same exploits that edge routers face.

You comment on equipment being "expensive"; I beg to differ. Equipment these days is very reasonably priced. A modern 2801 router probably costs less than you paid for the 1700 series you have. What is the cost of your corporate private information? What would it cost you if your customer information was stolen? Is it worth more than the couple grand you'll pay for a new edge router? If so, then you have your answer already.

In addition to that, VPN should never be run from the edge router; it should be being run from a corporate firewall or dedicated VPN appliance. Edge internet routers should be doing simple filtering, anti-spoofing, simple exploit stuff to keep the load off the firewall. A properly designed and implemented network edge may be much more reasonably priced than you think.
