Start64.com

We’ve recently discovered a great new resource (well, new to us, at least!) called Start64.com – a news and discussion forum for 64-bit software, security and OS issues. As the first provider of a VPN client for Windows XP 64-bit, NCP will now be regularly visiting Start64.com in order to take part in discussions and help readers with their questions about 64-bit...

Secure Entry Client for Symbian

NCP has just announced the release of its Secure Entry Client for Symbian OS-based mobile devices.  The new IPSec VPN client can be used on mobile devices such as the Nokia Eseries, which run Symbian OS from V.9.0 on S60 3rd Edition. See Dark Reading for more information on this...

What we're reading, week of 7/28

One story has reigned supreme on the blogosphere this week: Dan Kaminksy’s DNS vulnerability discovery, Matasano’s accidental (?) explanation of the details, and the resulting community fallout over the ethics of blogging about security.   From the Network Security Blog… It’s all out there Martin McKeay gives a good synopsis of the situation so far, and describes the efforts Matasano’s Thomas Ptacek has taken to apologize to the community at ChiSec.   From Matasano Chargen… Regarding The Post On Chargen Earlier Today Meanwhile, Ptacek has posted an explanation and apology on the Matasano blog.   From Errata Security… The DNS is falling A discussion of the implications this vulnerability has for ISPs and users – and which solutions will and will not mitigate the risk.   From Zero Day… Microsoft joins ‘patch DNS now’ chant; Apple patch missing ZDnet’s bloggers discuss the industry reaction to finding out about these vulnerabilities, and takes Apple to task for failing to respond with urgency.   From Rational Survivability… The DNS Debacle In Poetic Review Chris Hoff comments on the DNS fiasco in an epic series of rhyming...

What we’re reading, week of 7/28

One story has reigned supreme on the blogosphere this week: Dan Kaminksy’s DNS vulnerability discovery, Matasano’s accidental (?) explanation of the details, and the resulting community fallout over the ethics of blogging about security.   From the Network Security Blog… It’s all out there Martin McKeay gives a good synopsis of the situation so far, and describes the efforts Matasano’s Thomas Ptacek has taken to apologize to the community at ChiSec.   From Matasano Chargen… Regarding The Post On Chargen Earlier Today Meanwhile, Ptacek has posted an explanation and apology on the Matasano blog.   From Errata Security… The DNS is falling A discussion of the implications this vulnerability has for ISPs and users – and which solutions will and will not mitigate the risk.   From Zero Day… Microsoft joins ‘patch DNS now’ chant; Apple patch missing ZDnet’s bloggers discuss the industry reaction to finding out about these vulnerabilities, and takes Apple to task for failing to respond with urgency.   From Rational Survivability… The DNS Debacle In Poetic Review Chris Hoff comments on the DNS fiasco in an epic series of rhyming...

SSL versus IPsec: some considerations

We asked NCP’s Joerg Hirschmann to take look at the arguments presented in Reliable Systems’ recent post, “Remote Access for Everyone,” and offer some respectful criticism of the case made for SSL versus IPsec. Quotations below are from the original article, with Joerg’s comments following. Installation: The success rate for an average user being able to install an IPSec client and get the VPN tunnels to work, even with phone support, was around 15%. Most of the time the user had to bring in the computer or we had to send a tech on site. Management based native VPN installations are pre-configured by central administration. Configurations will be created automatically using a leading internal database like Active Directory. Users do not encounter configuration issues at all! They cannot even change VPN related settings. Pre-installed basic settings, getting personalized at first connection = Plug & Play VPN. Compatibility: Different physical network technologies – notably DSL – run into performance problems with IPSec in many configurations, requiring adjustments on the client, routers, or other things that you just can’t expect end users to understand. A communication suite deals not only with the VPN part but also takes care of connecting the client safely and with the highest possible performance with the internet with only one goal: establish the VPN tunnel. The user does not even need to know the communication media; the client will select it automatically. In general SSL VPN has much more performance issues than an IPsec based VPN which is primarily based on the protocol in use. Portability: IPSec is very easy to block on a network. In fact, it took...