[64529] in North American Network Operators' Group
Re: ISPs' willingness to take action
daemon@ATHENA.MIT.EDU (kenw@kmsi.net)
Mon Oct 27 10:50:47 2003
Date: Mon, 27 Oct 2003 08:48:44 -0700
From: kenw@kmsi.net
In-reply-to: <BNEJJGFPFOAPBMHHEDILOEDHLOAA.john@ferriby.com>
To: NANOG <NANOG@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 27 Oct 2003 08:28:22 -0500, "John Ferriby" <john@ferriby.com>
wrote:
>VPN technologies are either too weak, like PPTP, too
>expensive or difficult to grasp like IPsec, or too new
>like the HTTPS tunnels.
Dunno about HTTPS; I prefer to avoid opening _any_ inbound ports through my
firewalls, since my clients are typically too small to afford good stateful
inspection, and I dislike server-based firewalls.
VPNs, however, are not the problem they used to be. I use Netopia R910s
and 3381-ENTs, which are cheap and provide both PPTP and IPsec endpoints,
with or without encryption. They're reasonably easy to configure (good
documentation and good support), and work just fine with Microsoft's
built-in Windows VPN clients.
Yes, I know PPTP isn't as strong as IPsec. But it's certainly more than
strong enough to keep out the riff-raff, and that's all we need here.
This allows me to provide secure, low-cost remote network access to and
between clients' LANs without any DMZs or pinholed routers. And I tell any
client who really wants to provide services to the Internet at large, that
they're far better off to contract the service with an ISP, who will almost
certainly do the job both better and cheaper.
Hey, I make good money doing this; so can you!
I don't see any good justification for people to treat the Internet like
their own back yard. But is bandwidth really so cheap that ISPs don't have
any stake in conserving it?
/kenw
Ken Wallewein CDP,CNE,MCSE,CCA,CCNA
K&M Systems Integration
Phone (403)274-7848
Fax (403)275-4535
kenw@kmsi.net
www.kmsi.net