[Info-vax] HP's Partner Virtualization Program

Michael D. Ober obermd. at .alum.mit.edu.nospam.
Sun Aug 16 10:49:29 EDT 2009


"Richard B. Gilbert" <rgilbert88 at comcast.net> wrote in message 
news:o4qdnZB2xdPWyRrXnZ2dnUVZ_uGdnZ2d at giganews.com...
> Michael D. Ober wrote:
>> "Richard B. Gilbert" <rgilbert88 at comcast.net> wrote in message 
>> news:yJ-dnb4DHoqzSxvXnZ2dnUVZ_i1i4p2d at giganews.com...
>>> R.A.Omond wrote:
>>>> Richard B. Gilbert wrote:
>>>>> [...big snip...]
>>>>> In twenty years as a system manager, VMS and several flavors of Unix, 
>>>>> I NEVER used, or even encountered, IPSEC!  We've all gotten along 
>>>>> without it somehow.  I never missed it!  Why has it suddenly become a 
>>>>> sine qua non?
>>>>
>>>> Richard, please use some of the next twenty years to learn how to snip.
>>>
>>> Please try to answer the question!
>>>
>>
>>
>> Richard - there are two problems that IPSec supposedly solves.
>>
>> First, packets are encrypted in transit.  There is a growing realization 
>> that packets in the clear are large enough to carry a lot of personal 
>> data. Credit card data, including name, address, card number, and card 
>> security number, for instance, can be fully stored inside the 1500 or so 
>> byte limit imposed by most routers.  So to steal your credit card, a 
>> packet sniffer only needs to grab a single packet.  You don't have to 
>> defeat security on the OS to steal credit cards.  Transmission security 
>> is a necessary, but not sufficient, requirement for internet commerce of 
>> any sort.  Yes, IPSec isn't the only method, but it's well understood and 
>> relatively easy to implement on most routers and OSs.
>>
>
> ISTR that all such transactions for the last eight or ten years have used 
> HTTPS.  I've learned to check for the https://mumble in my browser.  Is 
> this some form of IPSEC?
>

HTTPS has been the consumer to business transmission security.  Business to 
Business (b2b) has been using IPSec for transmission security simply because 
it has been the more secure of the two models.  That is starting to change 
as the SSL (the S in HTTPS) security has improved and the known holes 
removed.  To my knowledge, no one has ever broken properly configured IPSec 
through technical means alone.  All the breaches you hear about are done 
either through human engineering (talking someone out of their password, 
etc.) or through a technical attack on a weak security system, such as SSL 
v1 and v2 or older wireless security models.

Mike.




