On 30 Apr 2009, at 00:14, Daniel Ouellet wrote:
Joe S wrote:
What's really frustrating here are the network admins I work with that
are trying to migrate from ipsec vpns to MPLS because it's "easier"
and "just as secure".
Well, I am not sure that it would be very convincing to them, but I
guess a somewhat good argument to use might be as simple as asking
them if they would replace IPSec tunnel/VPN on a big switch WAN/LAN
network with only a VLAN tag instead?
That's about what they say, isn't it? Scary.
May not be a very good example, but I think the analogy between them
is somewhat valuable in idea and concept anyway.
But again, the norm looks like these days is to only consider
security after the fact and react to it instead of being proactive
on it.
See what they say.
Best,
Daniel
You don't use telnet even over an IPSec WAN, do you? End-to-end
security (e.g. TLS/SSL) is your friend here. It's the only way to
actively verify link security...
And once you're in an SSH session (with properly verified keys), you
don't care who's watching the stream.
/Pete