This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best Practice - Site to Site using Astaros

What is the best encryption / IPSec policy to use for Site to Site with 2 Astaros?

We have 2 Astaro units, ASG120 and ASG320. Currently using CiscoMatch policy, adopted from when we previously had a Cisco firewall at the remote location. I'm very concerned about performance, but need to keep security in mind. We do quite a bit of RDP traffic, as well as some file syncing over this site to site VPN.

Appreciate your best practice / thoughts !!!!

Del

This thread was automatically locked due to age.

0 BAlfson over 15 years ago

I think the fastest is AES-128. The trade-off is that it's a lot easier to crack than AES-256 PFS, but I think even AES-128 is acceptable for the Payment Card Industry standard. 3DES is more-secure than AES-256, but at a real performance penalty. It depends on how "attractive" your information is.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 15 years ago

not according to what i have read. There are wlel known(for over a decade) faster than vrute force attacks against DES and 3DES...this is the ve3ry reason AES was launched and the Rijndael cipher. As of now the Rijndael has help up wlel considering hte computational power of desktop computers today. I'm sure we'll see another "AES" competition within the next 5-10 years.

Schneier on Security: New Attack on AES
Schneier on Security: Another New AES Attack
http://www.networkworld.com/research/2001/0730feat2.html

Just a few of the articles I have read..[:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 15 years ago

Thanks, William. I thought 3DES was a bit stronger than AES-256, but I probably just assumed that because of the slowness. It seems that you are confirming that he can use AES-128 for speed and still have more-than-adequate security.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 15 years ago

That's correct..AES is more secure AND faster...[:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 Dawley over 15 years ago

Thanks to both of you. I would love to see a best practices area on this user bulletin board that helps people get an idea of what to implement or at least they should be considering.

Again - Thanks!

Del
Cancel
Vote Up 0 Vote Down

Cancel