On Sun, Dec 8, 2013 at 11:46 PM, Merike Kaeo <mer...@doubleshotsecurity.com> wrote:
> On Dec 6, 2013, at 11:55 AM, Eugeniu Patrascu <eu...@imacandi.net> wrote:
>
> > On Fri, Dec 6, 2013 at 9:48 PM, Jared Mauch <ja...@puck.nether.net> wrote:
> >
> >> On Dec 6, 2013, at 1:39 PM, Brandon Galbraith <brandon.galbra...@gmail.com> wrote:
> >>
> >>> If your flows are a target, or your data is of an extremely sensitive
> >>> nature (diplomatic, etc), why aren't you moving those bits over
> >>> something more private than IP (point to point L2, MPLS)? This doesn't
> >>> work for the VoIP target mentioned, but foreign ministries should most
> >>> definitely not be trusting encryption alone.
> >>
> >> I will ruin someone's weekend here, but:
> >>
> >> MPLS != Encryption. MPLS VPN = "Stick a label before the still
> >> unencrypted IP packet".
> >> MPLS doesn't secure your data, you are responsible for keeping it secure
> >> on the wire.
> >
> > It's always interesting to watch someone's expression when they hear that
> > MPLS VPN, even if it says VPN in the name is not encrypted. Priceless every
> > time :)
>
> So, just to raise the bar…I had someone once tell me they encrypted
> everything since they were using IPsec. Since I only trust configurations,
> lo and behold the configuration was IPsec AH. As exercise to reader….determine
> why using IPsec does not automagically equate to encrypted traffic.

Interesting, as it's particularly hard to enable only AH instead of ESP.

> This was only 2 years ago while doing a security assessment for someone.
>
> I greatly dislike the term 'VPN'…..always have and always will.
> Marketechture is awesome!

I think you probably dislike all the people that grossly misunderstand what a VPN is and what are its use cases :)
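
An added example, not part of the original thread or written by any of its participants: a packet-level look at the IPsec AH point raised above, showing that an AH-protected packet still carries its payload in the clear. The packet is constructed in the code; the function names, SPI, ports, addresses and SIP line are all assumptions made for illustration.

```python
import struct

ESP, AH, UDP = 50, 51, 17  # IANA IP protocol numbers

def ipv4(proto: int, body: bytes) -> bytes:
    """Minimal IPv4 header (checksum left at 0) using documentation addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 1])) + body

def ah_transport(payload: bytes, spi: int = 0x1000, seq: int = 1) -> bytes:
    """Constructed sample: IPv4 / AH / UDP / payload with a dummy 96-bit ICV."""
    udp = struct.pack("!HHHH", 5060, 5060, 8 + len(payload), 0) + payload
    icv = bytes(12)  # stands in for the integrity check value; not a real MAC
    # RFC 4302 layout: next header, length in 32-bit words minus 2,
    # reserved, SPI, sequence number, then the ICV.
    ah = struct.pack("!BBHII", UDP, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv
    return ipv4(AH, ah + udp)

def observe(packet: bytes) -> dict:
    """Report what an on-path observer can read from one IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == AH:
        ah_len = (body[1] + 2) * 4
        # AH authenticates the packet; everything after it is sent as-is.
        return {"ipsec": "AH", "encrypted": False,
                "next_header": body[0], "readable": body[ah_len:]}
    if proto == ESP:
        spi, _seq = struct.unpack("!II", body[:8])
        # The ESP header does not name the cipher: the SA may use NULL
        # encryption (RFC 2410), so only the configuration can settle it.
        return {"ipsec": "ESP", "encrypted": None, "spi": spi, "readable": b""}
    return {"ipsec": None, "encrypted": False,
            "next_header": proto, "readable": body}

if __name__ == "__main__":
    sip = b"INVITE sip:alice@example.test SIP/2.0"  # constructed signalling line
    seen = observe(ah_transport(sip))
    # Skip the 8-byte UDP header to show the application data an observer gets.
    print(seen["ipsec"], seen["encrypted"], seen["readable"][8:])
```

The `None` returned for ESP is deliberate: seeing protocol 50 on the wire does not prove confidentiality either, which is why the negotiated transforms in the configuration are the thing to check.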