Re: (PM) PPTP

Stephen Zedalis (tintype@exis.net)
Wed, 6 May 1998 12:28:18 -0400 (EDT)

On Wed, 6 May 1998, Dave Stewart wrote:

>I have a customer insisting on PPTP compatibility - but I don't see it in
>the release notes for 3.8b13 or in the release notes for any earlier
>version of ComOS. I did note in passing a while back that Lucent had a
>beta program for VPN.
>My question - did PPTP find its way into ComOS yet?

Not yet.

<IMHO>
It probably shouldn't be in ComOS at all. All routers should pass
the packets transparently as PPTP encrypts a packet and wraps it in a
standard IP packet. (This means that the Portmasters are completely
compatible with PPTP today.) The packet should be encrypted and wrapped at
one end on the client or server machine and not unwrapped and decrypted
until it gets to the client or server at the other end. At least this
could/should be done in a dedicated firewall box if not on the individual
machines. Any time you try to use a router to do it because you can't
figure out how to do it on the Windows machine or don't want to implement
it on several machines, you are adversely affecting the router's
throughput. If you have to do it in a border router, get a built-for-it
VPN router. (Or wait until Lucent comes out with it as a HW upgrade to
the PM-3/4 sometime in the not-too-distant future.) This needs to be done in
hardware as most machines today can't handle compression on a T-1, never
mind encryption, and certainly not with the 486 of current Lucent
products. But if you do VPN in the router, realize your packets are
insecure on your LAN, where history records most compromises originate,
from someone employed by you or someone with access to the inside. I know
of very few documented cases (if any) of compromise of corporate data by
interception of the data stream while on the internet backbone or in
transit on an ISP. The few ISP compromises I know of are usually due to
unauthorized access to a server where the data was being stored statically
on a disk somewhere (where VPN would be moot). As an ISP, I would be
loath to take on the legal responsibility of securing my customers' data
via VPN. (Unless I was doing ALL their security and not just the VPN
stuff; the buck needs to stop at one and only one person/company.) If a
compromise occurred, I'm sure they wouldn't be blaming their internal staff
or their corporate-owned firewall; it would be all too easy to blame (and
sue) their ISP for a breach.
</IMHO>

-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>