On Fri, 19 Mar 2004, jt wrote:

> Thank you.  I'm sure there are a fair bit of details involved, which I don't
> know, but I've often wondered if there is any advantage, security-wise, to
> running SSL withIN a VPN?  (Same sig quote as usual, I presume James?...;-)

My understanding (not wanting to get sued here) is that a VPN doesn't
provide any additional security to an SSL enabled telnet connection.  What
a VPN provides is security for all those protocols and communications that
are otherwise not secure.  A VPN is also able to "hide" your network setup
since the "virtual private" part of the network is hidden in the
encryption.  An examination of the TCP packets of both a VPN and
SSL-enabled telnet look something like this:

[TCP headers][goobledegook]

The difference is the goobledegook part.  A VPN will contain the TCP
headers and data from your "virtual private" network.  SSL-enabled telnet
will contain just the telnet data.  Upon receiving a packet, a VPN strips
off the outer layer of TCP headers, unencrypts the goobledegook, and then
forwards on the resulting TCP traffic onto the network.  SSL-enabled
telnet does the exact same thing, except that instead of forwarding the
data onto the network, it hands it over to the telnet daemon.

Running SSL-enabled telnet over a VPN means that when the VPN receives a
packet it will strip off the TCP headers, unencrypt the goobledegook, and
forward the result onto the network.  This time, the result will be some
TCP headers followed by more goobledegook.  The goobledegook is the
encrypted data of the telnet connection.  It gets passed on to the
SSL-enabled telnet server which removes the headers, unencrypts the
goobledegook, and passes the data on to your application.  However,
encrypting the encrypted data doesn't really gain you anything.  So using
a VPN in combination with SSL-enabled telnet doesn't really provide you
with more security.  It is similar to running a VPN over a VPN (which is
entirely possible).

An interesting note to this is that it is possible to run a VPN over
SSL-enabled telnet!  SSH is basically SSL-enabled telnet with some added
coolness.  By using a fairly smart telnet server, you can route TCP/IP
traffic through SSL-enabled telnet.  SSH provides just this sort of
functionality.  Network traffic can be routed into an SSH session, just as
if it were a normal IP route.  On the other end that traffic is then
routed onto the private network.

btw - now I have a completely new and exciting .sig!

James Rich

Zvpebfbsg vf abg gur nafjre.
Zvpebfbsg vf gur dhrfgvba.
AB (be Yvahk) vf gur nafjre.
        -- Gnxra sebz n .fvtangher sebz fbzrbar sebz gur HX, fbhepr haxabja
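The hop-by-hop layering James describes above, as an added example that is not part of the original post or of any VPN or SSH implementation. It models both packet formats as `[TCP headers][encrypted payload]`, with a constructed four-byte stand-in header (source and destination port only) and a constructed keystream-XOR toy cipher (SHA-256 in counter mode) so the layering is visible; the port numbers and keys are sample values. `trace_hops` follows one telnet record through SSL-enabled telnet running inside a VPN and records what a passive observer on the wire, the VPN gateway, and the telnet daemon each get to see.

```python
"""Toy model of SSL-enabled telnet inside a VPN (added illustration, not real code)."""
import hashlib
import struct

HDR_LEN = 4  # constructed stand-in for a TCP header: source port + destination port


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode. A toy construction for illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def tcp_header(src_port: int, dst_port: int) -> bytes:
    return struct.pack(">HH", src_port, dst_port)


def split_packet(packet: bytes):
    """Return (src_port, dst_port, payload) for a packet in this toy format."""
    src, dst = struct.unpack(">HH", packet[:HDR_LEN])
    return src, dst, packet[HDR_LEN:]


def ssl_telnet_send(ssl_key: bytes, telnet_data: bytes) -> bytes:
    """[TCP headers][encrypted payload]: header in the clear, telnet data encrypted."""
    return tcp_header(40000, 992) + xor_crypt(ssl_key, telnet_data)


def vpn_send(vpn_key: bytes, inner_packet: bytes) -> bytes:
    """The VPN wraps the whole inner packet, its TCP headers included."""
    return tcp_header(50000, 1194) + xor_crypt(vpn_key, inner_packet)


def vpn_receive(vpn_key: bytes, packet: bytes) -> bytes:
    """VPN endpoint: strip the outer header, decrypt, forward the result onto the network."""
    _, _, payload = split_packet(packet)
    return xor_crypt(vpn_key, payload)


def ssl_telnet_receive(ssl_key: bytes, packet: bytes) -> bytes:
    """telnetd side: strip the header, decrypt, hand the data to the application."""
    _, _, payload = split_packet(packet)
    return xor_crypt(ssl_key, payload)


def trace_hops(vpn_key: bytes, ssl_key: bytes, telnet_data: bytes) -> dict:
    """Follow one telnet record through SSL-enabled telnet running inside a VPN."""
    inner = ssl_telnet_send(ssl_key, telnet_data)
    outer = vpn_send(vpn_key, inner)

    wire_src, wire_dst, wire_payload = split_packet(outer)
    after_vpn = vpn_receive(vpn_key, outer)
    vpn_src, vpn_dst, vpn_payload = split_packet(after_vpn)
    after_ssl = ssl_telnet_receive(ssl_key, after_vpn)

    return {
        # A passive observer on the public path sees only the VPN endpoints' ports.
        "wire_ports": (wire_src, wire_dst),
        "wire_shows_telnet_ports": (wire_src, wire_dst) == (40000, 992),
        "wire_shows_telnet_data": telnet_data in wire_payload,
        # The VPN gateway recovers the inner headers (it must, in order to route them)...
        "vpn_gateway_sees_ports": (vpn_src, vpn_dst),
        # ...but the payload it forwards is still the SSL-telnet ciphertext.
        "vpn_gateway_sees_telnet_data": telnet_data in vpn_payload,
        # Only the SSL-enabled telnet daemon ends up with the plaintext.
        "telnetd_gets": after_ssl,
    }


if __name__ == "__main__":
    # Constructed sample keys and a constructed telnet record.
    report = trace_hops(b"vpn-key", b"ssl-key", b"login: operator\r\n")
    for name, value in report.items():
        print(f"{name}: {value!r}")
```

The trace makes the post's two points concrete: the second encryption layer adds nothing to the confidentiality of the telnet data (the VPN gateway forwards ciphertext it cannot read either way), while the VPN does hide the inner TCP headers, and so the "virtual private" network layout, from anyone watching the public path.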

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].