On Mon, 2003-05-05 at 18:36, Tom Lane wrote:
> Josh Berkus <josh@agliodbs.com> writes:
> > In VPNs favor, it can be made much more secure than SSL can ever be.
>
> Really? Why is that? VPN seems *less* safe to me, because by default
> it opens up all ports to pass through the tunnel. With SSL you know
> exactly what ports will be forwarded.
My company gave me an RSA SecurID token (the size of a small pager),
that generates a new six digit random number every 60 seconds. When
I want to connect to the corporate VPN server, I type in my PIN number
and the SecurID token.
The VPN client software then says
Security ESP - Triple DES, SHA
IKE Diffie-Hellman Group I
--
+---------------------------------------------------------------+
| Ron Johnson, Jr. mailto:ron.l.johnson@cox.net |
| Jefferson, LA USA http://members.cox.net/ron.l.johnson |
| |
| The purpose of the military isn't to pay your college tuition |
| or give you a little extra income; it's to "kill people and |
| break things". Surprisingly, not everyone understands that. |
+---------------------------------------------------------------+
