Next, consider the confidentiality controls in place. How are the two servers connecting to each other? Are they using SSL or another secure, encrypted protocol? If the servers are using a secure protocol, a VPN connection may add unnecessary overhead to the communication, as each message would be encrypted and decrypted twice. In that case, skip the VPN. On the other hand, if you're not confident in the security of the encryption used by the client/server protocol, an IPsec VPN configured to use strong encryption is a safe, reliable choice.
- A SearchSecurity.com reader asks whether Trojans and other malware can exploit split-tunnel VPNs.
- Expert Michael Cobb addresses the difference between Triple DES and DUKPT encryption for financial transactions.
Dig Deeper on VPN security
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.