[VOIPSEC] VPNs and VoIP (was: Re: VoIP Attack : How feasible)
Dustin D. Trammell
dtrammell at tippingpoint.com
Sun Jul 30 16:29:28 CDT 2006
On Fri, 2006-07-28 at 18:21 -0700, Michael Slavitch wrote:
> > Sources? I've yet to see one PPTP inplementation in real use (over here
>
> Every MSFT VPN. I've yet to see a IPSec VPN used in a corporate
> environment. Most VPN systems are pure commercial software.
You made this claim in a previous email, and I almost replied but didn't
want to nit-pick your argument, but here you make it again so I feel
compelled to reply. Are you limiting the scope of your claim to
user-VPNs of the variety that road warriors or employees working from
home use to connect back to the corporate network with? Because if
you're really are meaning IPSec VPNs in general, I'm wondering what rock
you've been living under. About a decade ago, when I wore the hat of a
network security consultant for about 4 years, and then for about 2
years immediately after that when I wore the hat of a network security
engineer for a large financial institution in Dallas, about 80% of the
work that I did was nothing /but/ IPSec VPN implementations.
Site-to-site, road-warrior variety, etc. For 6 years. And while
working for the consultancy, I dealt with a range of companies from
Fortune-500 to medium sized shops to small mom 'n pop businesses who
just wanted to connect a few stores but couldn't afford a dedicated
circuit between them.
I will however grant you that PPTP has taken over a lot of the
road-warrior class of access VPN, because it's easy, supported natively
by Windows XP, and it just works. But I think Checkpoint, Nortel,
Juniper, and Cisco would also strongly disagree with you that IPSec VPNs
are just not used in a corporate environment.
--
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com
More information about the Voipsec
mailing list