wilecoyote 12/4/2012 | 11:19:43 PM
re: Symantec Acquires SafeWeb

So Flynn basically drills Safeweb's valuation into the ground with his comments "low value, product not ready, blah blah blah."

I bet the strategy was to buy Safeweb and Neoteris both, but drill the valuation of Safeweb down to make it more affordable, so he fires off this comment.

You know what that says to me? It says, don't engage with Netscreen unless you are very confident they will execute the transaction. Flynn screwed Safeweb bigtime going public like this. If I were Safeweb, I'd sue.

Gotta hand it to him. Smart move. Nasty, baby. Real nasty. But smart. Smart is cool, right? Netscreen didn't get where it is by being a bunch of nice guys.

Still pullin' for ya Dave. But man, that was ruthless.
mr zippy 12/4/2012 | 11:19:42 PM
re: Symantec Acquires SafeWeb

"SSL VPNs allow remote users secure access to corporate networks via a standard Web browser. The key benefit of the technology is that it doesn't require a client to be downloaded, making access from laptops and other mobile devices much easier. By contrast, IPSec requires client software to be installed on every device accessing the corporate network."

This sounds like a benefit, until you look at the reality of today's desktop, and in particular laptop environments.

This statement is comparing SSL VPNs to IPsec VPNs using cost of client deployment as the evaluation criteria, not security.

Using cost of deployment as the evaluation criteria, I'd suggest it would be a lot cheaper to distribute an IPsec client to a desktop / laptop, with maybe quarterly updates, and an occasional security fix, when compared with the cost of distributing all the service pack updates that have occurred to the most commonly used web browser, i.e. IE.

Using security as the evaluation criteria, there are two sub-criteria that can be considered:

a) Accessibility

"Special" clients such as IPsec clients can provide a somewhat useful limit to access to the corporate network, to those machines that are maintained, controlled, or at least known about (i.e. the case of a teleworker using their own home PC). The last case is somewhat of a problem, as you can't be assured of how many and which PCs the teleworker installed the IPsec client on. Still, I would consider overall that the "special" client method provides a somewhat useful access limitation.

Using a generic client, such as a browser, means that access can be gained from any desktop at all, at any location, including those at Internet cafes or at your competitor's or customer's sites. Do you really want to trust the security of your corporate network to the security, or lack of it, of an Internet cafe PC, your customer's or your competitor's PCs?

I'd prefer not to.

b) Simplicity vs Complexity

An IPsec client has one simple purpose and one simple purpose only. It is written only to perform that purpose, and only perform that purpose well. Furthermore, as its only purpose is security related, you'd hope, and probably can assume, that secure coding practices are followed.

Web browsers are written to do many things, and serve many purposes. They are not a simple piece of software, they are very complex. Usually, complexity is the enemy in security.

Additionally, functionality usually takes (or at least in the past has taken) primary consideration over security when developing a web browser. It is less likely secure coding practices have been followed when developing the most popular browser, i.e. IE. This is evident based on the large number of security fixes that have come out for IE in the last couple of years.

Based on these observations, I personally think SSL VPNs are less secure than IPsec VPNs.
