[nycbug-talk] VPN vs IPsec

max max
Fri Jul 15 15:52:50 EDT 2005


IPsec worked great for me to secure all comms between my colo'ed machine and home network. It uses racoon to do IKE, and FreeBSD has good userland tools for this.
You need to create tunnels though, and apply IPsec policy, but of course that's what shell scripting is for.
NoCatAuth was what I heard also as primary recommendation for this, since the point would be to protect DHCP leases on your network (from what I understand). If you want to be real paranoid, lock up MAC addresses on the WAP.
And I don't think keeping your wifi network open is a good idea at all - every time I see one my hands itch to load up some script kiddie toys I have and find some Korean IPs..

just my redundant 2c..




On Fri, Jul 15, 2005 at 01:25:54PM -0400, michael wrote:
> After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection.  Two alternatives to WEP are OpenVPN and IPsec.
> 
> According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely."  The paper goes on to support OpenVPN.
> 
> Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster.
> 
> I know there are a lot of variables to examine, but...
> 1. Does anyone bother to secure wifi beyond WEP?
> 2. Are OpenVPN and IPsec good alternatives?
> 3. Of those which makes more sense for a wifi installation?
> 
> Michael



