On Sat, 08 Dec 2001 10:23:35 +0100 
Johan Helsingius <[EMAIL PROTECTED]> wrote:
> At 03:06 07/12/2001 -0500, Sebastian Ip wrote:

>> Nobody in their right mind would VPN each individual
>> workstation by itself.

> Unless they are on a non-secure network, such as a WLAN. The
> "let's have a firewall and keep all the bad things outside"
> mentality is far too simplistic for anything except trivial cases.

True.  There's also the segmentation model where you do
application-specific IPSec VPNs, which depending on who you want to
do your compartmentalisation, can be either of the form "everybody
with access to this application shares a common VPN to access it",
or individual private VPNs, one per station, each VPN containing
only the target client and the server.  Yes, it's expensive, but
depending on the security models and containment needs, is required
for certain cases.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
[EMAIL PROTECTED]               He lived as a devil, eh?              
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
