On Mon, 2006-06-26 at 21:47 -0300, Gerhard Fiedler wrote:
> Herbert Graf wrote:
> 
> > Since the router with VPN is their only connection to the rest of the
> > internet only physical access can bypass it (unless they manage to hack
> > the VPN router, possible, but easy enough to secure).
> 
> I think this may be a downside of this approach. Patrick talked about young
> boys with technical inclinations... I think it won't be long before one
> finds out how to bypass the VPN router and hook up a computer directly to
> the unfiltered internet on the WAN side of the router. Of course, if a
> password is needed, then this may work.

Obviously, physically securing the hardware is an issue, but I don't see
that as a big issue.

> This is basically the same as the satellite operator offer, with the
> difference that with the satellite solution, there is no unfiltered
> internet at the individual locations.

But a benefit here is cost and ISP transparency. I'm a big believer in
never setting something up that limits you to a particular ISP. By using
a VPN solution and your own box you are ISP neutral, if they raise rates
you can go to their competition with little issue. Cost is a big benefit
as well since aside from the upfront cost (which isn't trivial, I
admit), there is only the cost of administration, but can be very cheap
since there's only one thing to configure.

TTYL

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist