On Sun, Dec 8, 2013 at 11:46 PM, Merike Kaeo <merike@doubleshotsecurity.com>wrote:
On Dec 6, 2013, at 11:55 AM, Eugeniu Patrascu <eugen@imacandi.net> wrote:
On Fri, Dec 6, 2013 at 9:48 PM, Jared Mauch <jared@puck.nether.net> wrote:
On Dec 6, 2013, at 1:39 PM, Brandon Galbraith <
brandon.galbraith@gmail.com>
wrote:
If your flows are a target, or your data is of an extremely sensitive nature (diplomatic, etc), why aren't you moving those bits over something more private than IP (point to point L2, MPLS)? This doesn't work for the VoIP target mentioned, but foreign ministries should most definitely not be trusting encryption alone.
I will ruin someones weekend here, but:
MPLS != Encryption. MPLS VPN = "Stick a label before the still unencrypted IP packet". MPLS doesn't secure your data, you are responsible for keeping it secure on the wire.
It's always interesting to watch someone's expression when they hear that MPLS VPN, even if it says VPN in the name is not encrypted. Priceless every time :)
So, just to raise the bar…I had someone once tell me they encrypted everything since they were using IPsec. Since I only trust configurations, lo and behold the configuration was IPsec AH. As exercise to reader….determine why using IPsec does not automagically equate to encrypted traffic.
Interesting, as it's particularly hard to enable only AH instead of ESP.
This was only 2 years ago while doing a security assessment for someone.
I greatly dislike the term 'VPN'…..always have and always will. Marketechture is awesome!
I think you probably dislike all the people that grossly misunderstand what a VPN is and what are its use cases :)