Wireless VPN
There are cases where WTLS won't work well for you. If you don't have a WAP gateway or if you have to support mobile users who don't have a WAP/WTLS microbrowser, you're out of luck. Wireless VPN is restricted to handheld devices such as Palm Pilots because cell phones don't have the horsepower or memory to run VPN software. The success of PDA-based VPN clients largely depends on the ease of use and VPN efficiencies that can be achieved on low-powered PDAs.
Certicom is coming to market with a VPN client for the Palm, and a freeware version of Top Gun SSH for Palm Pilot can be found at http://www.ai/~iang/TGssh/. We spent a lot of time working with both the Certicom IPsec client and Top Gun SSH and think these two programs provide excellent ways to secure traffic from a Palm Pilot and home network.
Considering the cost of purchasing and installing VPN gateways, it makes sense to use the VPN gateway for as many applications as possible. Certicom's full-featured VPN client interoperates with the Cisco 3000 series of VPN concentrators, Check Point Software Technologies' VPN-1 Gateway and Nortel's Contivity. During testing we used a Cisco 3000. The beta we tested didn't support all the features we might have employed, such as certificate support or split tunneling, but we were able to connect to the gateway using preshared secret IKE and tunnel mode IPsec. Given that the Palm Pilot doesn't have the most powerful CPU on the planet, we found little difference between encrypted and non-encrypted traffic for most operations. The best modem connection we received was 14.4 Kbps, probably due to the slow performance rather than the VPN cryptography. The only bottleneck we came across was in the initial IKE negotiation because of the processing power required to generate keys.
For terminal emulation security, Top Gun SSH is a viable option, even on wireless connections. After we installed Top Gun SSH, we dialed up our remote-access server and initiated our connection. After a few seconds, the SSH negotiation completed and brought up a terminal window that could run commands through a Unix shell account. While this worked well for command-line operations, we couldn't secure other network traffic such as HTTP or e-mail coming from the Palm Pilot.
Send your comments on this article to Mike Fratto at mfratto@nwc.com.