[ale] VPN choices...

[Jonathan Rickman]

On Tue, 08 Mar 2005 13:20:48 -0500, Jeff Hubbs <hbbs at comcast.net> wrote:
> But is there not merit to using an all-Free-Software solution such that
> no aspect of the solution is forcibly hidden from inquiry and
> examination?  Or is a black-box "We say it's okay, trust us, you have
> nothing to fear, no you may not examine it" solution preferable?

All things being equal, yes. The open source solution would be
preferred. However, this is one area where things are often not
equal...or even remotely so. I'm just offering friendly advice in an
effort to help someone avoid getting themselves into the bad
situations that the last folks who ignored my friendly advice found
themselves in. I have designed and deployed OSS based and commercial
firewall/IDS/VPN solutions for quite some time now, and it is not
uncommon to run into situations (even now) where the typical
Intel/Linux solution is not appropriate. As a security consultant I
question the logic of pushing a solution that is likely to leave the
admin feeling like a fish out of water. A complex Linux solution that
has better theoretical performance and security, but is totally
misconfigured by a confused windows admin is likely to end up being
completely inferior to a solution that the admin is comfortable with.

--
Jonathan