Mailinglist Archive: opensuse-security (499 mails)

Re: [suse-security] VPN with pptp
  • From: Peter van den Heuvel <peter@xxxxxxxxxxxxxxxx>
  • Date: Fri, 14 Jun 2002 11:56:32 +0200
  • Message-id: <3D09BDD0.4F83CEF2@xxxxxxxxxxxxxxxx>
> > Complex -> much code -> many bugs.
> This rule is definitely wrong. The number (and kind) of bugs
> depend on the quality which itself depends on the software
> creation processes. And many small "hacked-in" things are
> horrible :)
Well, I could write a more formally correct specification. That would
get lengthy and less pointy. I sort of "hoped" that most folk on the
list would understand that "simple" would mean "as simple as you can
reasonably make it without neglecting the most essential requirements or
common sense elements of quality". In software (and IT more generally)
there's a funny tendency towards TONS of features and complexity to the
extreme. Most often the argumentation for the architecture chosen is
debatable at best. So what I mean is you best start with the simple. If
you get a feel for the quality (you can even audit the code of smaller
things more easily) and can live with it you best not go for the more
complex options. Like why would you use complex public protocol
negotiation with public keys if your setup would be just as sound with a
fixed key and a fixed protocol. The point was: look at your
requirements before you select a product.

> > Much configuration -> much time and many mistakes that are hard
> > to find.
> Yes, this is correct. But you cannot implement a solution which
> is more easy than the problem, usually ;)
Thanks for pointing that out.

> Well, VPN is not a
> trivial theme, even if M$ and all those stuff suggests. If you
> use simple protocols, maybe they are just so simple since they
> are bad by design?
Simplicity is an ASPECT. You really think I meant to say that a bad
architecture is better than a complex architecture?

> > Also have a look at cipe.
> > - It's not a standard (no co-op with Cisco and friends).
> > - It's a module without kernel patches.
> Where is the difference to a kernel patch? A module runs in
> kernel space and has access to any resource, and a wild pointer
> can happily crash your system.
The difference is clarity in architecture. One aspect that is grossly
missing from most infrastructures of any weight I've seen over the
years. But even then, this was part of a list of cipe characteristics.
There was NO attempt at comparing it favourably to IPsec WHATSOEVER.

> > - It runs on most Microsoft platforms.
> Well, for Win it may be ok, and insecure VPN for insecure
> systems :) SCNR.
It's just a feature, not a recommendation. And please, would you care to
explain why you feel cipe is not secure? And also, most insecurity
issues in Microsoft shops are due to mis-management of their systems
instead of the systems themselves, however much I might personally prefer
Linux. Try to grab any 5 year old Linux distro and throw it on the net
without any serious configuration and see how long it survives.

> > - It uses UDP for transport (never use TCP for serious tunnelling).
> Hum, why UDP? IPSec uses protocol 50,51 IIRC. Well, tunneling UDP
> Packets in a TCP tunnel would dramatically increase the reliance
Yes, and sooo useful if the protocol being tunneled does it as well. And
then both protocols get their own transmission window timeouts and try
to correct. As soon as you lose packets you'll find out why you do not
want to use TCP. But again, it's just a cipe characteristic.

Peter
