Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4618
Views
0
Helpful
3
Replies

VPN and PGP

jnedved
Level 1
Level 1

‎06-17-2001 10:57 AM - edited ‎02-21-2020 11:21 AM

My client is planning to connect two private networks over the Internet using VPN (hardware-based devices). They also want to use PGP software to provide additional data encryption during data transfer between the two systems. I don't believe it's necessary, from either a cost or performance perspective, but they're insistent implementing PGP as well as the VPN. What can I tell them to make them see that this an unnecessary use of their resources?

Labels:
0 Helpful
3 Replies 3

b.speltz
Level 4
Level 4

‎06-21-2001 02:48 PM

PGP is going to give them some level of encryption (although PGP is not that good) from their PC to the router. Then their PGP packet will get hardware encrypted, which, if setup properly and is using 3DES is as secure as it gets. On the other side, the router that decrypts the packet with put the PGP packet back on that network to be decrypted by the end client. So it must be those two local LAN’s that they are concerned about. Of course, they could implement the Cisco VPN client from their desktop to the end router but then just the packet would be clear text on the remote LAN. Can anyone think of any other scenario where PGP might be still useful over a site-to-site VPN solution?

0 Helpful

felrodian
Level 1
Level 1
In response to b.speltz

‎07-12-2001 12:31 AM

While VPN tunneling is EXTREMELY insecure, VPN Encryption is very secure, especially if it uses blowfish. I believe you are correct when saying the only time PGP encryption would be needed is if they are worried about interception on the destined private LAN. Never can one be too secure.

felrodian@fatelabs.com

0 Helpful

rbharania
Level 1
Level 1

‎07-23-2001 11:20 PM

Hi -

PGP at the "application" layer and network layer encryption (such as IPSec) are both

very good technologies. At Cisco, we actually use both depending on what the

situation calls for.

PGP is good for:

- E-mail encryption

- File encryption

- Highly sensitive applications where the traffic going in cleartext across your otherwise

trusted internal network is not acceptable (e.g. Mergers and Acquisitions info that

only a select few should be able to see)

- Persistent encryption (IPSec only protects data as it transits the network. The data is stored

in the clear on either end of the encrypted tunnel. PGP encrypted files can reside on your

hard drive. This is useful if your CEO's laptop gets stolen, for example)

PGP downsides:

- Not transparent to the user (compare it to router-router IPsec for example)

- Traffic analysis issues

Questions I'd ask your client:

1. Is it important that the data be encrypted not just across the Internet, but across

the Intranet at either end?

2. Is it important that the data reside on an end system in an encrypted fashion?

If either question is yes, then I'd say something like PGP was warranted.

Both IPSec and PGP provide strong levels of encryption, and I sleep at night knowing I'm

using both in their respective strong suites.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents