ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    IPsec Site-to-Site

    Scheduled Pinned Locked Moved IT Discussion
    9 Posts 7 Posters 340 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      VoIP_n00b
      last edited by

      Is using a IPsec Site-to-Site VPN safe?

      JaredBuschJ 1 Reply Last reply Reply Quote 0
      • M
        manxam
        last edited by

        So long as you're using half decent encryption (128-bit AES or higher) there's not much that's more secure aside from having no connection at all 🙂

        ObsolesceO 1 Reply Last reply Reply Quote 0
        • ObsolesceO
          Obsolesce @manxam
          last edited by

          @manxam said in IPsec Site-to-Site:

          So long as you're using half decent encryption (128-bit AES or higher) there's not much that's more secure aside from having no connection at all 🙂

          How is 128-bit AES only "half decent"?

          M 1 Reply Last reply Reply Quote 1
          • DashrenderD
            Dashrender
            last edited by

            As mentioned - as long as you're using a known safe cypher, you're traffic shouldn't be sniffed while transversing the site to site.

            1 Reply Last reply Reply Quote 0
            • T
              taurex
              last edited by taurex

              9f549666-784b-4193-a1d0-e88bc0198907-image.png
              These are the current Australian government cybersecurity guidelines on recommended cryptographic algorithms. Can be a good reference point to start from.

              EDIT: link - https://www.cyber.gov.au/ism/guidelines-for-using-cryptography

              1 Reply Last reply Reply Quote 0
              • dbeatoD
                dbeato
                last edited by

                Can you define what do you mean by secure on this case?

                1 Reply Last reply Reply Quote 0
                • M
                  manxam @Obsolesce
                  last edited by

                  @Obsolesce : Because, while 128-bit AES has not yet been cracked (that we're aware of), many "governing bodies" consider it the absolute minimum encryption level -- assuming that they approve its use at all.
                  Taurex' chart below is one such example.

                  ObsolesceO 1 Reply Last reply Reply Quote 0
                  • ObsolesceO
                    Obsolesce @manxam
                    last edited by

                    @manxam said in IPsec Site-to-Site:

                    @Obsolesce : Because, while 128-bit AES has not yet been cracked (that we're aware of), many "governing bodies" consider it the absolute minimum encryption level -- assuming that they approve its use at all.
                    Taurex' chart below is one such example.

                    https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

                    https://blog.1password.com/guess-why-were-moving-to-256-bit-aes-keys/

                    http://www.axantum.com/axcrypt/etc/seagate128vs256.pdf

                    There's an even better explanation that I seen a while back, but I can't find it now.

                    1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @VoIP_n00b
                      last edited by

                      @VoIP_n00b said in IPsec Site-to-Site:

                      Is using a IPsec Site-to-Site VPN safe?

                      Using a site-to-site VPN is not safe in the first place. It completely bridges two disparate networks. Allowing an attacker on one network to attack the other network, without anything blocking it.

                      If you are fully prepared to trust everything on both networks, then sure, use it.

                      Yes, you need to use only known good ciphers. That is no different than any encrypted communications.

                      1 Reply Last reply Reply Quote 1
                      • 1 / 1
                      • First post
                        Last post