Any of the ciphers that are available for use with VPN are more than strong enough for commercial-grade encryption.
The "weak link" in VPN will not be in the cipher systems that it uses. It will be in the use of "pre-shared keys," a.k.a. passwords by any other name.
You need to use digital certificates, issued to authorized users on an individual basis and replaced from time to time. You must then password-protect those certificates (which uses encryption).
Security, if it is to be meaningful, is a process, not a product and not a technology.
|