“think sanely about security rant” I love it. The world needs more of this.
A lot of security nonsense we hear from self-important experts reminds me of the steel door I once saw with an impressive deadbolt but the hinge pins on the outside. Like the people worrying endlessly about man-in-the-middle hackers but you can reset their email password with their pet’s name and reset everything else once you control their email account. Social engineering is behind most security breaches. Once you are on the inside, you don’t need to be in the middle. No, you were not hacked, you were stupid and you were scammed, but calling that hacking is an insult to hackers.

From: Tyler Treat
Sent: Thursday, December 24, 2015 11:32 AM
To: af@afmug.com
Subject: Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

love this.

--------------------------------------------------------------------------------
From: Af <af-boun...@afmug.com> on behalf of Joshaven Mailing Lists <lis...@joshaven.com>
Sent: Thursday, December 24, 2015 11:05 AM
To: af@afmug.com
Subject: Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

PPTP has lower encryption levels than most and uses basic user/pass to encrypt and not large keys… however calling it insecure is throwing much more mud on the face of PPTP than it deserves. It is not even remotely close to no encryption, which isn’t insecure because encryption is no more equal to security than having a bank account is equal to being rich… the user can receive a key logger virus through an encrypted tunnel just as easily as a non-encrypted tunnel and even an unencrypted tunnel cannot be interfered with if you cannot access the stream of data in-between the endpoints. Ultimately I expect that if someone is going to breach a system then they will probably do it regardless of the encryption level of a tunnel.
So… if you want to be able to VPN into a router simply then I see no harm in PPTP unless you expect a hacker sitting in the middle of your tunnel just waiting to brute force decrypt the captured packets… If you are interconnecting two bank branches then first off the applications should be responsible for the data security but it is still a good idea to use something with the highest level of security. Sometimes PPTP is still a good option, sometimes better encryption is a good idea. However, tunnel encryption is never an excuse to allow data access to unauthorized users so the applications' accessibility is what should really be our concern.

Sorry, I’m on my think sanely about security rant… done now.

Sincerely,
Joshaven Potter
Google Hangouts: j...@g2wireless.co
Cell & SMS: 1-517-607-9370
supp...@joshaven.com

On Dec 22, 2015, at 8:43 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:

I don't know if ipsec is hardware offloaded on Mikrotik, but if it is it's probably your best bet. EoIP does have a performance/overhead hit.. Wasn't there something fairly recent about eoip+ipsec? PPTP is NOT security any more than WEP is. Most opensource products have removed it at this point - shame on MikroTik for not following suit.

On Dec 22, 2015 7:37 PM, "Mathew Howard" <mhoward...@gmail.com> wrote:

You apparently can do encryption on EOIP now... I haven't tried it though, so I have no idea if it actually works or if it spoils the simplicity part...

On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

EOIP wouldn't be encrypted...

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:

If only EOIP. Damn I love the simplicity.

On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

OVPN probably? Not sure about IPSec on the CCR.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:

Tunneling between 2 sites, not trying to bridge a single subnet or any nonsense like that. Well connected on either end. Which style of tunnel is going to provide the best security vs performance value. Thinking CCR as a concentrator with 2011's or crs125's at end points.

Feedback appreciated. Thanks!

Tyler
___________________________
Mangled by my iPhone.
___________________________
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com
___________________________