Network Engineer

amigan_99

<div>
That's really helpful. Thanks Noci. I didn't realize there could be a speed enhancement there. That would be a big bonus as they send a lot of VDI traffic over these links and we're trying to reduce some grumbles on that performance.
</div>


That's really helpful. Thanks Noci. I didn't realize there could be a speed enhancement there. That would be a big bonus as they send a lot of VDI traffic over these links and we're trying to reduce some grumbles on that performance.

<div>
<div class="content wysiwyg-content">
In a new environment one of the projects left behind by a predecessor was to upgrade the encryption on their DMVPN from 3DES to AES 256. That's a good goal to be up to modern standards. But I see a lot of other areas of greater vulnerability. And the update and verification of hundreds of spoke sites will take considerable time. My question: how vulnerable is a 3DES encrypted DMVPN network?
</div>
</div>


In a new environment one of the projects left behind by a predecessor was to upgrade the encryption on their DMVPN from 3DES to AES 256. That's a good goal to be up to modern standards. But I see a lot of other areas of greater vulnerability. And the update and verification of hundreds of spoke sites will take considerable time. My question: how vulnerable is a 3DES encrypted DMVPN network?

3DES DMVPN

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.