[nycbug-talk] VPN vs IPsec
George R.
george
Fri Jul 15 13:38:09 EDT 2005
michael wrote:
> After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I
> have been reading up on securing a wifi connection. Two alternatives
> to WEP are OpenVPN and IPsec.
>
> According to a SANS white paper
> (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are
> either too expensive or too difficult to use securely." The paper
> goes on to support OpenVPN.
>
while there are some great documents in the SANS reading room, don't use
it as the ultimate truth. . .
> Angelos gave an informative talk and even put up graphs that showed
> IPsec pushes more/faster.
>
But with a more complex setup. . . as a drawback, say, versus an SSH tunnel.
> I know there are a lot of variables to examine, but... 1. Does anyone
> bother to secure wifi beyond WEP?
Personally, no, since no WPA support in FBSD until 6.0. The point of
securing a home network, IMHO, is just to keep out the errant fools.
That's *if* you decide you don't want your network open, ie, Ike.
Nor have I opted anything like IPSec. . although Dan did:
http://www.freebsddiary.org/ipsec-wireless.php
No significant production wlans to speak of. . .
2. Are OpenVPN and IPsec good
> alternatives? 3. Of those which makes more sense for a wifi
> installation?
I really think this depends on preference.
Going VPN or IPSec is great for you if you don't have welcomed visitors
on your network. It's enough of a hassle giving a WEP key to buddies as
it is.
Of course, it's nice going a step higher if you really don't want anyone
sniffing your traffic. . .
g
More information about the talk
mailing list