On 06-10-2014 16:36, Matti Karnaattu wrote:
> I don't know details but it sounds overly complex. And complexity
> may cause other issues, without any benefit for security.
>
> Example, you don't have to encrypt your whole hard disk if the hard
> disk is located in a guarded bunker. But if you do that, it will increase
> security in theory but that may cause service outage if you have to
> always locally type your crypt password if the machine crashes.

You pretty much always want to encrypt your drive these days.

>
> I would put this effort to ease maintainability, ease monitoring,
> use stateful firewall, deploy honeypot etc. and avoid complexity.
>

Traffic in the clear, even on a switch controlled by you, doesn't mean that anyone with physical access couldn't tap into your switch and see the traffic. There are simple VPN solutions. OP, take a look at iked and OpenVPN. I believe that these two are the most indicated for your case.
Cheers,