Secure Tunneling. Only with more Control!!!

Nick Khamis symack at gmail.com
Sat Jul 13 13:36:09 UTC 2013


Not having to hijack http://seclists.org/nanog/2013/Jul/251, and
without further ado,

On 7/12/13, ryangard at gmail.com <ryangard at gmail.com> wrote:
> It wouldn't be. When the endpoint in question is compromised, there isn't
> any amount of tunneling or obscurity between point a and point b that will
> resolve it. Only thing you can do is change to a solution that you have more
> control over.
> Sent on the TELUS Mobility network with BlackBerry


This just got very interesting. Given that we do not own any Microsoft
products here, and are still able to function like any other corporation,
I am more interested in a "solution that you have more control over"
for secured connections. We currently are using OpenVPN and PKI, coupled
with a company policy of key updates every 3 months. This will only get
incrementally more complex as the number of clients increases. Not to
mention one only needs 3 minutes....

Question: What other options do we have to maintain a secure
connection between client and server that gives us more control over
traditional OpenVPN+PKI? It would be nice to be able to deploy private
keys automatically to the different clients; however, that seems like a
disaster waiting to happen.

I would really appreciate some of your takes on this matter: what
types of technology and policies are being employed out there for secure
connections?

Kind Regards,

Nick.



