Thursday, August 13, 2009

Why cant we just trust the internet??

I have been studying Internet and WAN security lately and I just think it would be a lot better if the internet was secure. So let's start a campaign for "Ethical Internet Practices ;)".
Well, I have to come to terms with reality. The internet is going to remain UNSAFE for a long time. So we are going to deal with it. What options do we have?

1. Provide WAN infrastructure for all our private traffic: While this would be 'SAFE', it is no longer scalable as we have branch offices everywhere and even telecommuters. Some employees don't even know the location of the corporate offices anymore (they all work from home :-) ). Besides, this way too expensive, I'm sure your boss would not buy that either!

2. Secure our traffic and use the internet as our WAN infrastructure. We would kill two birds with one stone and we would still be friends with the finance department. :-) Welcome to the world of VIRTUAL PRIVATE NETWORKING
As a network engineer, i know VPNS have been around for a while and they have grown and become very scalable. Thankfully cisco gives us many options to suite our peculiar needs.
Broadly we have two kinds of VPN

1. Site to Site VPNS:
-GRE/IPSEC for communiction of routing protocols
-Dynamic Multipoint VPNS (Hub and Spoke and Spoke to Spoke)
-Group Encrypted Transport (GET) VPNS

2. Remote Access VPNS (for telecommuters)
-SSL VPN (also known as webVPN)
-Easy VPN

I don't want to get into the configuration details yet but I would post some more technical details soon.
As you must have already noticed, I am a cisco advocate and my configuration would be mostly cisco-oriented.
Feel free to post your personal experience with these technologies.




  1. The protection of personal user data has been extended and enhanced. For instance, Internet Security Center automatically prevents inadvertent users from accessing known phishing web sites, and blocks keylogger programs, which are designed to steal passwords and access codes.

  2. Good Point Daniel,
    ISC prevents users from 'shooting themselves in the leg'.
    While IPSEC is designed to secure the WAN infrastructure, users are still exposed to attacks from the internet (especially when they are triggered by the user). This is what ISC helps to prevent (or reduce) ;)
    Cisco has implemented the NAC framework to ensure that end hosts are secure before they can connect to the network (No security = No connectivity).