[e2e] Re: NAT usage at large companies

[Vadim Antonov]

On Sat, 19 Oct 2002, Valentin Ossman wrote:

> The only way to really secure the network is to establish IPSec tunnels
> en-to-2nd between all the servers and workstations.

Not really.  This only takes care of communication privacy.  You also need
authentication (of users, hosts, and server processes), authorization
(including secure distribution of authorization information), key
management, availability (denial of service resistance) and intrusion
detection.  On its own, IPSec tunnels are no more effective (within a LAN)
than having Ethernet switches with MAC address filters on per-port basis.

--vadim