• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

IPsec: does it work?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Windows

View previous topic :: View next topic  
Author Message
cornerstoned
Just Arrived
Just Arrived


Joined: 10 Jun 2005
Posts: 0


Offline

PostPosted: Sat Jun 11, 2005 3:22 pm    Post subject: IPsec: does it work? Reply with quote

Hey all,

Yet another question... haha...

When using IPsec on the desktops, does it slow down the connectivity considerably or are there a lot of issues with connectivity?

I'm considering adding IPsec company wide, just curious if its going to be worth while.
Back to top
View user's profile Send private message AIM Address Yahoo Messenger
superlone
Just Arrived
Just Arrived


Joined: 09 Jun 2005
Posts: 0


Offline

PostPosted: Sat Jun 11, 2005 7:46 pm    Post subject: Reply with quote

As far as i know,IPsec uses point-2-point encrytion mode.so maybe it needs some pieces of CPU time,but i don't think it can slow down the network connectivity.
Back to top
View user's profile Send private message
AdamV
SF Mod
SF Mod


Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Offline

PostPosted: Sat Jun 11, 2005 8:58 pm    Post subject: Reply with quote

surely it's a matter of prioritisation to some extent and what you use it for (I'm guessing to restrict desktop devices so they can only communicate to servers and not each other as a common reason, as well as authenticating the client devices)

let's say for the sake of argument it increases latency by 5% and adds a 5% overhead to your bandwidth

but maybe it reduces the chance of a worm spreading through your LAN by 20%, and the risk of someone being able to get files from a colleagues machine by 5%.

and you incur a 15% increase in your work for the next month implementing it

so is it worth it in this fictitious case? depends on your company's relative weighting of factors like security, speed and cost. What other projects will not be done if you do this? is a 5 or even 25% increase in traffic actually a problem on your LAN? what would be your downtime from something like Blaster?

what is your actual intention for IPSec?
Back to top
View user's profile Send private message Visit poster's website
cornerstoned
Just Arrived
Just Arrived


Joined: 10 Jun 2005
Posts: 0


Offline

PostPosted: Sun Jun 12, 2005 4:47 am    Post subject: Reply with quote

My intention is to utilize encrypted network traffic for added security in regards to my paranoid behavior towards HIPAA.

Since there is a lot of patient data being transferred, I'd feel more comfortable using a network encryption with a factor around 128bit similiar to Netware.

I believe with a gigabit backbone and 20mbps WAN links (14mpbs actual) it won't be an issue.
Back to top
View user's profile Send private message AIM Address Yahoo Messenger
njan
Trusted SF Member
Trusted SF Member


Joined: 02 May 2005
Posts: 9
Location: Scotland, UK

Offline

PostPosted: Mon Jun 13, 2005 12:10 pm    Post subject: Reply with quote

Quote:

Hey all,

Yet another question... haha...

When using IPsec on the desktops, does it slow down the connectivity considerably or are there a lot of issues with connectivity?


Very few networks use anything approaching even 50% of the bandwidth of a 100mbit network for a substantial amount of the time, so the slight overhead which is probably added from IpSec encryption is almost certainly unlikely to affect you.

What may affect your machines is the CPU load - although for new clients this isn't an issue (for similar reasons), for servers which are maintaining dozens or hundreds of concurrent connections (such as Domain Controllers), IpSec can take up a significant amount of processing power, and this is where you're likely to have problems.

Quote:

I'm considering adding IPsec company wide, just curious if its going to be worth while.


IpSec is a good addition to part of an already-strong network security strategy, but on its own it won't provide you with much benefit if you don't already safeguard your network in otherways (such as by providing adequate firewalling, strong password policy, etc). If you're more interested in this, there's an excellent paper on 'Server and Domain Isolation' which goes through the advantages this gives you and how to implement it here on technet.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Windows All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register