On Dec 6, 2013, at 11:55 AM, Eugeniu Patrascu <eu...@imacandi.net> wrote:
> On Fri, Dec 6, 2013 at 9:48 PM, Jared Mauch <ja...@puck.nether.net> wrote:
>
>> On Dec 6, 2013, at 1:39 PM, Brandon Galbraith <brandon.galbra...@gmail.com> wrote:
>>
>>> If your flows are a target, or your data is of an extremely sensitive
>>> nature (diplomatic, etc), why aren't you moving those bits over
>>> something more private than IP (point to point L2, MPLS)? This doesn't
>>> work for the VoIP target mentioned, but foreign ministries should most
>>> definitely not be trusting encryption alone.
>>
>> I will ruin someone's weekend here, but:
>>
>> MPLS != Encryption. MPLS VPN = "Stick a label before the still
>> unencrypted IP packet".
>> MPLS doesn't secure your data, you are responsible for keeping it secure
>> on the wire.
>
> It's always interesting to watch someone's expression when they hear that
> MPLS VPN, even if it says VPN in the name, is not encrypted. Priceless every
> time :)

So, just to raise the bar… I had someone once tell me they encrypted everything since they were using IPsec. Since I only trust configurations, lo and behold the configuration was IPsec AH. As an exercise to the reader… determine why using IPsec does not automagically equate to encrypted traffic. This was only 2 years ago while doing a security assessment for someone.

I greatly dislike the term 'VPN'… always have and always will. Marketechture is awesome!

- merike
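Added example, not part of the original thread: a small Python check that walks an MPLS-labelled frame and an IPsec AH packet the way an on-path observer would, showing that in both cases the inner payload is still readable, while ESP is opaque. The function names (strip_mpls, wire_view) and all sample packets are constructed for illustration.

```python
import struct

AH, ESP, UDP = 51, 50, 17   # IANA IP protocol numbers

def strip_mpls(frame: bytes) -> bytes:
    """Skip 4-byte MPLS label stack entries up to and including bottom-of-stack."""
    off = 0
    while True:
        (entry,) = struct.unpack_from("!I", frame, off)
        off += 4
        if entry & 0x100:               # S bit set: last label, IP packet follows
            return frame[off:]

def wire_view(ip: bytes) -> dict:
    """Report the header chain of an IPv4 packet and any payload readable in transit."""
    proto, body, chain = ip[9], ip[(ip[0] & 0x0F) * 4:], []
    while proto == AH:
        # AH = next header, length (32-bit words minus 2), reserved, SPI, seq, ICV.
        # It authenticates the packet; the payload after it is not transformed.
        chain.append("AH")
        proto, body = body[0], body[(body[1] + 2) * 4:]
    if proto == ESP:
        # Opaque from here; encrypted unless the SA negotiated ESP-NULL (RFC 2410).
        return {"chain": chain + ["ESP"], "cleartext": None}
    return {"chain": chain + [proto], "cleartext": body}

# ---- constructed sample packets (documentation addresses, zeroed checksums/ICV) ----
def ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

DATA = b"INVITE sip:alice@example.test SIP/2.0"
UDP_SEG = struct.pack("!HHHH", 5060, 5060, 8 + len(DATA), 0) + DATA
AH_HDR = struct.pack("!BBHII", UDP, 4, 0, 0x1000, 1) + bytes(12)  # 96-bit ICV
LABELS = struct.pack("!II", (100 << 12) | 64, (200 << 12) | 0x100 | 64)

PKT_AH = ipv4(AH, AH_HDR + UDP_SEG)
PKT_MPLS = LABELS + ipv4(UDP, UDP_SEG)
PKT_ESP = ipv4(ESP, bytes(40))

if __name__ == "__main__":
    for name, pkt in [("IPsec AH", PKT_AH), ("MPLS VPN", strip_mpls(PKT_MPLS)),
                      ("IPsec ESP", PKT_ESP)]:
        print(name, wire_view(pkt))
```

When auditing a tunnel, the same distinction shows up in a capture as IP protocol 51 (AH) versus 50 (ESP), which is a quick way to confirm what the configuration actually negotiated.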