
Best Practice - Site to Site using Astaros

What is the best encryption / IPSec policy to use for Site to Site with 2 Astaros?

We have 2 Astaro units, ASG120 and ASG320.  Currently using CiscoMatch policy, adopted from when we previously had a Cisco firewall at the remote location.  I'm very concerned about performance, but need to keep security in mind.  We do quite a bit of RDP traffic, as well as some file syncing over this site to site VPN.

Appreciate your best practice / thoughts !!!!


Del


This thread was automatically locked due to age.
  • I think the fastest is AES-128.  The trade-off is that it's a lot easier to crack than AES-256 PFS, but I think even AES-128 is acceptable for the Payment Card Industry standard. 3DES is more-secure than AES-256, but at a real performance penalty.  It depends on how "attractive" your information is.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Not according to what I have read.  There are well-known (for over a decade) faster-than-brute-force attacks against DES and 3DES... this is the very reason AES was launched and the Rijndael cipher.  As of now the Rijndael has held up well considering the computational power of desktop computers today.  I'm sure we'll see another "AES" competition within the next 5-10 years.

    Schneier on Security: New Attack on AES
    Schneier on Security: Another New AES Attack
    http://www.networkworld.com/research/2001/0730feat2.html

    Just a few of the articles I have read..[:)]

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • Thanks, William.  I thought 3DES was a bit stronger than AES-256, but I probably just assumed that because of the slowness.  It seems that you are confirming that he can use AES-128 for speed and still have more-than-adequate security.

    Cheers - Bob
     
  • That's correct..AES is more secure AND faster...[:)]

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • Thanks to both of you.  I would love to see a best practices area on this user bulletin board that helps people get an idea of what to implement or at least what they should be considering.

    Again - Thanks!

    Del