Navigation

    ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    IPsec Site-to-Site

    IT Discussion
    7
    9
    132
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      VoIP_n00b last edited by

      Is using a IPsec Site-to-Site VPN safe?

      JaredBusch 1 Reply Last reply Reply Quote 0
      • M
        manxam last edited by

        So long as you're using half decent encryption (128-bit AES or higher) there's not much that's more secure aside from having no connection at all :)

        Obsolesce 1 Reply Last reply Reply Quote 0
        • Obsolesce
          Obsolesce @manxam last edited by

          @manxam said in IPsec Site-to-Site:

          So long as you're using half decent encryption (128-bit AES or higher) there's not much that's more secure aside from having no connection at all :)

          How is 128-bit AES only "half decent"?

          M 1 Reply Last reply Reply Quote 1
          • Dashrender
            Dashrender last edited by

            As mentioned - as long as you're using a known safe cypher, you're traffic shouldn't be sniffed while transversing the site to site.

            1 Reply Last reply Reply Quote 0
            • T
              taurex last edited by taurex

              9f549666-784b-4193-a1d0-e88bc0198907-image.png
              These are the current Australian government cybersecurity guidelines on recommended cryptographic algorithms. Can be a good reference point to start from.

              EDIT: link - https://www.cyber.gov.au/ism/guidelines-for-using-cryptography

              1 Reply Last reply Reply Quote 0
              • dbeato
                dbeato last edited by

                Can you define what do you mean by secure on this case?

                1 Reply Last reply Reply Quote 0
                • M
                  manxam @Obsolesce last edited by

                  @Obsolesce : Because, while 128-bit AES has not yet been cracked (that we're aware of), many "governing bodies" consider it the absolute minimum encryption level -- assuming that they approve its use at all.
                  Taurex' chart below is one such example.

                  Obsolesce 1 Reply Last reply Reply Quote 0
                  • Obsolesce
                    Obsolesce @manxam last edited by

                    @manxam said in IPsec Site-to-Site:

                    @Obsolesce : Because, while 128-bit AES has not yet been cracked (that we're aware of), many "governing bodies" consider it the absolute minimum encryption level -- assuming that they approve its use at all.
                    Taurex' chart below is one such example.

                    https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

                    https://blog.1password.com/guess-why-were-moving-to-256-bit-aes-keys/

                    http://www.axantum.com/axcrypt/etc/seagate128vs256.pdf

                    There's an even better explanation that I seen a while back, but I can't find it now.

                    1 Reply Last reply Reply Quote 0
                    • JaredBusch
                      JaredBusch @VoIP_n00b last edited by

                      @VoIP_n00b said in IPsec Site-to-Site:

                      Is using a IPsec Site-to-Site VPN safe?

                      Using a site-to-site VPN is not safe in the first place. It completely bridges two disparate networks. Allowing an attacker on one network to attack the other network, without anything blocking it.

                      If you are fully prepared to trust everything on both networks, then sure, use it.

                      Yes, you need to use only known good ciphers. That is no different than any encrypted communications.

                      1 Reply Last reply Reply Quote 1
                      • First post
                        Last post