Opinions on VPN?

Andreas Gunnarsson Andreas.Gunnarsson@emw.ericsson.se
Thu, 22 Apr 1999 12:58:05 +0200 (CEST)

On Tue, 20 Apr 1999, dreamwvr wrote:

> IMHO i have reservations about integrated vpns in firewalls what
> are others opinions on this.. seems to me the firewall should do firewalling 
> not throw everything including the kitchen sink.. what is everyone elses
> opinion here?

I agree 100%. I want a firewall that does firewalling. I want to use the
firewall to let www traffic through only from the web proxy, VPN only to
the VPN gateway, SMTP only to the mail server etc. The firewall should
take care of IP spoofing, bad IP packets and other IP-level issues,
possibly NAT etc while the proxies are configured to securely deal with
protocol issues.

The more things that are integrated into the firewall the more corners
there are for bugs to hide in. Of course, if you have a low budget and not
too high security demands it might be a good idea to put several services
in the same machine, but if you have high security demands a more modular
firewall system should be considered.


Andreas Gunnarsson                                         Nat:    031-7476081
andreas.gunnarsson@emw.ericsson.se                         Int: +46 31 7476081
http://www.dd.chalmers.se/~zzlevo/                         Fax:    031-7473771