IPSec Encrytion

Which IPSec encrytion provides the best balance between speed and security?
mohawkadminAsked:
Who is Participating?
 
scrathcyboyConnect With a Mentor Commented:
Generally routers have 2 settings, if you choose the maximum encryption (128 bit as I recall) it is very slow, very reliable, but 10 minutes to transfer a 10 MB file, typically.  So use the next level of encryption below the maximum for the router (the reason it is relative is the routers capabilities and onboard RAM and speed vary from one model to the next).  Then when you pick an encryption key, keep it between 6 and 12 characters, without spaces.  Letter-number combos are good, like - MH127admin98 - would be the longest you would want.  Make sure the authentication is set to challenge-response, and you will be operating at as fast as that router can do (likewise, set the other VPN router the same).  If you are talking about windows server VPN, forget it, it is MUCH slower that VPN-endpoint router to VPN-endpoint router.
0
 
liamkellycabraCommented:
Not really possible to answer as it depends on who is looking at the packets and how much time and processing power they have.

Anyway as a rule of thumb start low and baseline with a transfer across the wire. then start to ramp up the encryption and test again using your baseline method.
Stop when you can't use the line to your users satifaction.


You could augment the security in your model by using PGP encryption to protect you sensitive data: on files being transfered and Email etc.

this is a good article (maybe old but still true)
http://infosecuritymag.techtarget.com/2002/jul/speed.shtml

Liam
0
All Courses

From novice to tech pro — start learning today.