[e2e] Re: NAT usage at large companies

Vadim Antonov avg at kotovnik.com
Sun Oct 20 01:51:33 PDT 2002


On Sat, 19 Oct 2002, Valentin Ossman wrote:

> The only way to really secure the network is to establish IPSec tunnels
> en-to-2nd between all the servers and workstations.

Not really.  This only takes care of communication privacy.  You also need
authentication (of users, hosts, and server processes), authorization
(including secure distribution of authorization information), key
management, availability (denial of service resistance) and intrusion
detection.  On its own, IPSec tunnels are no more effective (within a LAN)
than having Ethernet switches with MAC address filters on per-port basis.

--vadim




More information about the end2end-interest mailing list