Re: Blocking by MAC Address -
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Fri, 25 Nov 2005 16:31:03 +0100
Hi,
You don't have to use encryption. You can set up ESP-Null. In this case
packets only get authenticated. This will still add up a bit to the
processor since it has to check every packet but this will in general be few
percents (3-5). Most of server's CPU is more or less below 10% so adding
3-5% should not be a problem.
--
Mike
Microsoft MVP - Windows Security
"FabrizioV" <FabrizioV@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7037C317-BE2F-4ECC-9CB1-3C42882E71BB@xxxxxxxxxxxxxxxx
> Good morning Mike.
> The article is really interesting and IPSEC is an option to consider.
> An issue (IMHO) is the overhead you'll have on the clients and (most
> important) on the servers, when you encrypt all the traffic on your
> network.
> As you can see in this article :
> http://www.microsoft.com/technet/community/chats/trans/network/net0610.mspx
>
> "CPU on servers can be a problem but it can be mitigated by using IPSEC
> offload card from vendors like 3COM and Intel."
>
> So, if you already have or you are going to buy SSL/IPSEC dedicated cards
> for your data center IPSEC is a good choice.
> Else, if you have Windows 2003 and 802.1x enabled network switches, dot1x
> should be your choice.
>
> Fabrizio Volpe
>
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> Mitigating the Threats of Rogue Machines-802.1X or IPsec?
>> http://www.microsoft.com/technet/community/columns/secmgmt/sm0805.mspx
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
.
- References:
- Blocking by MAC Address -
- From: aman11
- Re: Blocking by MAC Address -
- From: Miha Pihler [MVP]
- Re: Blocking by MAC Address -
- From: Miha Pihler [MVP]
- Blocking by MAC Address -
- Prev by Date: Re: networking problems
- Next by Date: Re: Port forwarding not working
- Previous by thread: Re: Blocking by MAC Address -
- Next by thread: Re: Blocking by MAC Address -
- Index(es):
Relevant Pages
|
Loading
