How many of you are using IPSec

[Dr. Psy]

How many of you are using IPSec?

[XTC46]

We use it, however I am not the one who imletmented it nor am I the one who manages it so unfortunatley I know little about it.

[thehorse13]

We are and I am the one who designed, implemented and manage it. What do you want to know other than who is using it as that seems like a rather worthless statistic.

[Dr. Psy]

Well, it's not particularly worthless to me, as I am very curious as to how many people have already deployed IPSec on their networks. I think IPSec will eventually become a standard for private networking, and the amount of people using IPSec currently tells me a lot about where we are in that progress.

So perhaps worthless to you, but not to myself :-) One man's trash is another man's treasure.

I am also interested in knowing how many people have deployed IPSec on their wireless network.

Sorry, thehorse13 if this doesnt interest you. Skip the thread and move on to another one if you arent interested. I asked because it IS of interest to me. I would like to know how much progress IPSec has made towards becoming a standard.

[thehorse13]

None.

Here's why. The protocol is too complicated and flakey. As soon as funding is available, it's going out the window here.

Why do you think it will be a standard when encryption is already built into the IPv6 spec? What benefit will IPSec have when IPv6 is widely deployed?

Sorry, thehorse13 if this doesnt interest you. Skip the thread and move on to another one if you arent interested.

If I wasn't interested, I wouldn't have responded nor would I have asked a follow up question. Play nice.

What benefit would IPSec give you over wireless? I'd say that authentication would be the area that would concern me most. With WPA out there already, where is the benefit in IPSec?

[Dr. Psy]

Why do you think it will be a standard when encryption is already built into the IPv6 spec? What benefit will IPSec have when IPv6 is widely deployed?

Well, that, in and of itself is absolutely true th13. However, I have a few doubts about when IPv6 is going to be widely deployed. NOT because of the protocol itslef. I wish to hell it WAS being widely adopted now! I have often 'bitched' about this with other people. You have no idea just how much I want to see IPv6 in place! I think we will get there eventully, however...when is another matter.

In the meantime, I would hazard to guess that IPSec would take it's place, if it is going to be as long as I think it's going to be before IPv6 is in place.

All just guesses of course, but were that the case, as I said, I am curious to know how far IPSec has come adoption-wise. Thats all.

If I wasn't interested, I wouldn't have responded nor would I have asked a follow up question. Play nice.

In that case, I do apologize. You know as well as I do that it is very hard to guess another's 'tone' when online ;-)

What benefit would IPSec give you over wireless? I'd say that authentication would be the area that would concern me most. With WPA out there already, where is the benefit in IPSec?

Well, no more than the same benefit that IPSec has on non-wireless networks. IPSec DOES have it's benefits. What benefit? Encrypted packets! If someone was successful in sniffing your wire [or wireless as the case may be!], would you not at least want to be sure that the information they could obtain would be minimal? Would you deploy a wireless network without IPSec?

[Dr. Psy]

With WPA out there already, where is the benefit in IPSec?

Sorry, did not see that part the first time. Again, How many people are actually using WPA?

[Dr. Psy]

IPSec and WPA, both are crackable, no?

That in itself is no good. Who wants to use security features which are crackable? However, there is not much choice at the moment if you are going to go wireless.

When it comes down to it th13, the question you asked about what advantage does IPSec have over WPA...the answer is none. Neither are a viable solution for those who cannot afford to have their security compromised.

But then again, thats a whole 'nother discussion! As I said, I am simply curious as to how many people have adopted the use of IPSec.

Your questions do add value to the post, dont get me wrong. Just wasn't quite where I was going with this thread!

[waytallgel]

Well, while we're on the subject, I may as well pick the brain of TH13 or anyone else watching. So it looks like I'm going to be in charge of VPN connectivity here at our office. Right now we have about 10 folks that VPN into our office from different locations around the country, just single users. Now I've looked around a little bit and from what I've seen, companies use IPsec for site to site VPNs not really the little remote users. Now they want to implement more VPNs here to the remote users bringing the number up to around 30 or so and I don't want that much traffic going through the mail server (the current set up, wasn't my idea.) Anyway I'm probably going to get them to purchase a Cisco 3000+ series or a Sonicwall. Do you have an opinion on which one of these will perform better. Would it be prudent to bump the security up to IPSec or would that just slow things down? I've heard IPsec is a little slower than MPPE which I believe is what windows is using by default for pptp.

Thanks,
GEL

[Dr. Psy]

In fact, now that you bring it up and we are on the subject, how many Linux compatible wireless cards are out there (namely the higher speed 11g cards) have drivers which dont yet even support encryption? Quite a few!

Mind you, I do not do wirless. I would love to be able to do so, and have researched the options pretty extensively. However, considering the dimsal state of security in wireless at the moment...I will not use wireless technology any further than for research purposes.

As far as I am concerned, at the moment anyway, wireless=no security

And on the subject of IPv6, I was having a conversation just the other day about this with a friend. IPv6 far surpasses IPv4 in security, and it drives me nuts that IPv6 has been available to us for sometime, and we are still stuck on IPv4. We all know why.....well we should all know why anyways. It's mainly the problem with IPv4and IPv6 compatibility issues.

When IPv6 is finally in place, then the issues we are discussing here now will no longer be of relevance. We will move on to new issues like vulnerabilities found in IPv6. However, many of the problems we currently face will be solved with the security features of IPv6. I absolutely cannot wait until we finally have this thing in place! Can we get moving please! lol!

But at the moment, that is not really an option for us. And security is still a very important issue. So what do we do until such time as we have all made the switch? Well, we have to look into things like IPSec and WPA encryption.

Problem is, aside from those of us who are concerned with and knowledgable in security, not many people have implemented these options. That considered, I was moved to post this thread in an attempt to enumerate the people who have thus far implemented some of these options.

On one hand [on the surface], I was slightly irritated at your response. I mean, does it matter why? Hey, I'm a curious kinda guy! On the other hand, I value your input as it has driven this thread a little further into the subject and has added some additional value to it. So by that token, I appreciate your input th13 ;-)