>>Others might have a very different definition of VPN. The "P" in "VPN"
>>stands for "privacy", which
>I thought the word was "private" rather than "privacy". "Private" has two
>different meanings, one for shutting out others from seeing, but the other
>referring to restricted management, as
It is what cisco calls IP overloading. It is where multiple off-net
addresses share a single public IP. The router keeps track of the full
socket in order to remember which off-net address gets which incoming
packets. Cisco refers to NAT as having a one-to-one relationship between
off-net and p
Ya know, I used to work at EDS. One day, a guy sent a message to a
distribution list rather than to the specific person that they meant to. It
was some sales guy, so immediately, people start sending these angry "don't
spam me, remove me from your list..." messages in reply. The problem is,
the
>IPv6 has NO authentication capability not already shipping for IPv4,
>speaking as the person who designed both AH and ESP. Marketing aside,
>there is nothing in IPv6 that makes it more easily secured than IPv4.
>Both support AH and ESP. Deployed ISAKMP/IKE support IPv4, but might
>not support I
>Experience tells us that although we can design and specify for
>"intra-nets", people will insist on using the results over the public
>internet. Pretending this will not happen is akin to burying ones head in
>the beach sand when one has heard a report of a large wave heading for the
>beach
>Odd.. I thought we had a clue about security. The guys at SANS just
>gave us a 'Technology Leadership Award'. I just walked across the hallway,
>and I didn't see any firewall in our router swamp.
>I guess because we don't have a firewall, we don't have a clue. Or because
>we don't have a firew
>> Encryption will be offloaded to the network interface. ASICs on the NICs
>> will greatly improve encryption and authentication performance.
>all well and good, provided that this encryption and authentication
>are actually compatible with that specified by higher level protocols
>and the aut
Encryption will be offloaded to the network interface. ASICs on the NICs
will greatly improve encryption and authentication performance. It won't
run over the Internet because of latencies inherent on the public network.
It will run over incredibly fast Packet over SONET Wide Area
Networks--behi
