SREcon16 Europe - Full-Mesh IPsec Network: 10 Dos and 500 Don'ts
Fran Garcia, Hosted Graphite
How do you secure your internal network when your servers are located in different continents/providers and you don't trust or even manage your network?
IPSec is a great way to secure a network but it's usually deployed as a way of connecting a small group of trusted networks, and both the tools and existing documentation reflect this. This is not really an option in some environments where you don't really control the network and want to interoperate across different providers, so you find yourself sailing through uncharted waters at times when trying to build a fully meshed network with IPSec, where each server can establish a secure connection to any other server in its cluster.
View the full SREcon16 Europe Program at https://www.usenix.org/conference/srecon16europe/program