cornerstoned Just Arrived

Joined: 10 Jun 2005 Posts: 0

Posted: Sat Jun 11, 2005 3:22 pm Post subject: IPsec: does it work?
Hey all,
Yet another question... haha...
When using IPsec on the desktops, does it slow down the connectivity considerably or are there a lot of issues with connectivity?
I'm considering adding IPsec company wide, just curious if it's going to be worthwhile.
superlone Just Arrived

Joined: 09 Jun 2005 Posts: 0

Posted: Sat Jun 11, 2005 7:46 pm
As far as I know, IPsec uses point-to-point encryption mode. So maybe it needs some pieces of CPU time, but I don't think it can slow down the network connectivity.
AdamV SF Mod


Joined: 06 Oct 2004 Posts: 24 Location: Leeds, UK

Posted: Sat Jun 11, 2005 8:58 pm
Surely it's a matter of prioritisation to some extent and what you use it for (I'm guessing to restrict desktop devices so they can only communicate to servers and not each other as a common reason, as well as authenticating the client devices).
Let's say for the sake of argument it increases latency by 5% and adds a 5% overhead to your bandwidth,
but maybe it reduces the chance of a worm spreading through your LAN by 20%, and the risk of someone being able to get files from a colleague's machine by 5%,
and you incur a 15% increase in your work for the next month implementing it.
So is it worth it in this fictitious case? Depends on your company's relative weighting of factors like security, speed and cost. What other projects will not be done if you do this? Is a 5 or even 25% increase in traffic actually a problem on your LAN? What would be your downtime from something like Blaster?
What is your actual intention for IPSec?
cornerstoned Just Arrived

Joined: 10 Jun 2005 Posts: 0

Posted: Sun Jun 12, 2005 4:47 am
My intention is to utilize encrypted network traffic for added security in regards to my paranoid behavior towards HIPAA.
Since there is a lot of patient data being transferred, I'd feel more comfortable using a network encryption with a factor around 128-bit similar to Netware.
I believe with a gigabit backbone and 20mbps WAN links (14mbps actual) it won't be an issue.
njan Trusted SF Member


Joined: 02 May 2005 Posts: 9 Location: Scotland, UK

Posted: Mon Jun 13, 2005 12:10 pm
Quote: |
Hey all,
Yet another question... haha...
When using IPsec on the desktops, does it slow down the connectivity considerably or are there a lot of issues with connectivity?
|
Very few networks use anything approaching even 50% of the bandwidth of a 100mbit network for a substantial amount of the time, so the slight overhead which is probably added from IpSec encryption is almost certainly unlikely to affect you.
What may affect your machines is the CPU load - although for new clients this isn't an issue (for similar reasons), for servers which are maintaining dozens or hundreds of concurrent connections (such as Domain Controllers), IpSec can take up a significant amount of processing power, and this is where you're likely to have problems.
Quote: |
I'm considering adding IPsec company wide, just curious if it's going to be worthwhile.
|
IpSec is a good addition to part of an already-strong network security strategy, but on its own it won't provide you with much benefit if you don't already safeguard your network in other ways (such as by providing adequate firewalling, strong password policy, etc). If you're more interested in this, there's an excellent paper on 'Server and Domain Isolation' which goes through the advantages this gives you and how to implement it here on technet.