[Info-vax] "Linux Shminux - IPsec is Snake Oil!" VMS Mgmnt

Steven Underwood nobody at spamcop.net
Thu Apr 9 21:42:02 EDT 2009



"Richard Maher" <maher_rj at hotspamnotmail.com> wrote in message 
news:gre36n$6nd$1 at news-01.bur.connect.com.au...
> Hi,
>
> In addition to the Apple, IBM, SUN, Microsoft, and HP-UX support for IPsec I
> wanted to see what the level of Linux/IPsec support was out there. Well as
> far as Linux goes, I found comprehensive IPsec support has existed for some
> time on Red Hat, SuSe, and Debian flavours. Are there others I should look
> at?
>

This is a serious question to everyone here, though it may sound like a slam 
to Richard's argument:

Yes, IPsec exists on these other platforms, but how much is it actually 
being used?  Is it really needed?

In the last 12 years, I have been in only 2 different environments and 
neither used IPsec.  The Windows environment has been a secondary support 
environment for me in both of these positions, basically keeping things 
running, but being small enough locations that I was included in decision 
making.

The first was a completely Win98/Netware environment until less than 4 years 
ago.  There were only 2 servers at this company, one at each of 2 sites 
connected via 56K PTP. About 2005 we started replacing Win98 with WinXP 
desktops but they had still not moved off of the Novell servers as of March 
2007, though there were plans.  Interior security was not a major issue 
beyond file ACLs.  This was a public company which needed to meet 
Sarbanes-Oxley regulations and auditing, most of which covered security.

My current employer is still approximately 25% Win2000 and the rest WinXP 
for the desktops.  We have about 50 servers (25% Win2000, 75% Win2003, a 
couple WinNT, a couple RH Linux boxes and one Win2008 currently being 
tested).  Most of these are IIS web servers (https) for both internal and 
external access.  The file/print servers are Win2000.  Again, internal 
security is not an issue considered worthy of funding, with ACLs providing 
the access to files people need.  IPsec may be in use here by default in the 
background; I would not know how to tell whether it was working or not.  I 
suspect not, since none of the options listed at 
http://unixwiz.net/techtips/iguide-ipsec.html#flavors have been issues for 
us when dealing with internal systems (CheckPoint VPN access for IT being 
the only real exposure to those concepts).

In both of these companies, I have had numerous different vendors discussing 
our network wants/needs and nobody had ever mentioned IPsec in either asking 
if we were currently using it or telling us why we would need it (and need 
them to help us implement it to its fullest).  No SOX auditors ever 
mentioned this as a potential problem or even as an improvement to what we 
were doing (and they made LOTS of recommendations).

Thank you



