I am sure the security gurus will chime in on the technical side, but I prefer LEAP+MIC+TKIP. My goal is very good security for a wireless network, but at the same time I want things to be as transparent to the user as possible. If they do LEAP against a Cisco ACS that references the domain account, you get dynamic WEP keys. You can go the extra mile and enable MIC and TKIP. Cisco says this may reduce your throughput as much as 30%, but I have found the impact to be negligible. This way you get SSO and data integrity and confidentiality using a system that, in my opinion, someone would have to be pretty good to get into. It locks out most of the people who would want to get in, but I have yet to see a totally hack-proof system. You can also go even farther and do broadcast key rotation, but if you do that you have some workarounds regarding VLANs, else the user will get locked out after the second rotation.