Re: General security question

[Frederick M Avolio <fred () avolio com>]

Sounds like you need to hire an expert. No, I'm not trying to sell you my 
services. I'm pointing out from my years of experience on the Internet that 
getting the advice you need from an Internet mailing list often proves the 
old saying "you get what you pay for."

Marcus warned you, "as a general rule, a VPN is useless if you don't know
anything about the security at the other end. Indeed, the whole notion
of doing a secure transaction/data transfer to a site where you don't
know anything about the security is kind of dubious." And then he did make 
some recommendations because he's a nice guy and you asked.

But let's briefly expand on what Marcus was pointing out by asking a 
question. Why do you want a VPN? One answer might be, "to keep the 
transactions details confidential." If that is your main purpose, then you 
need more than a VPN. As Marcus hinted, there is more to worry about than 
the transaction flow over the Internet. Since you know nothing about the 
other side's security, then you must assume the worst. If you assume the 
worst, the transaction will be vulnerable to interception everywhere 
including on the other side's network.  If this is your concern, you must 
know the state of their network security.

"Oh," you may reply," we're really interested in limiting our legal 
liability." In that case, deploy a VPN top show a best effort on your part. 
But know that your transaction may not be secure.


Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards