Because VPN traffic may travel over public networks, VPNs also should incorporate strong encryption and authentication methods to ensure that corporate data is kept private. In fact, the potential for intentional and unintentional leaks can be minimized using VPNs over your

internal network. For example, human resources and payroll departments can have a VPN between them so that at no point is personnel information exposed to prying eyes.

As a conceptual networking model, virtual private networking holds great promise. The trouble is, there are nearly as many technology segments that purport to have VPN solutions as there are issues that VPN claims to address. These technology segments include IPSec-compatible devices, non- IPSec- compatible devices, firewall-based VPNs and remote-access VPN protocols such as Point-to-Point Tunneling Protocol (PPTP), Layer 2 Forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP). Proprietary solutions--such as VTCP/Secure from InfoExpress or Bay DVS from Bay Networks, which connects remote users to the LAN--also play a part in this burgeoning market.

How does the current crop of second-generation VPN products stack up? We examined a few to determine how each market segment defines and implements VPN technology and where the products fit into a corporate network and security scheme. For the

IPSec segment, we tested RedCreek Communications' Ravlin 10 and Ravlin 4, TimeStep Corp.'s PERMIT Security Gateway and VPNet Technologies VSU-1010 VPN Service Unit. For the non-IPSec segment, we selected Aventail Corp.'s VPN 2.0 Autosocks client, InfoExpress' VTCP/Secure and Microsoft Corp.'s Point-to-Point Tunneling Protocol (PPTP); firewall-based VPNs are represented by Check Point Software Technologies' Fire Wall-1 and Cisco Systems' PIX Firewall. Finally, for dial-up VPN, we chose Shiva Corp.'s LANRover AccessSwitch, Bay Networks' Bay DVS and Cisco's AS5200 for L2F, and Microsoft's Window NT RAS for PPTP.

We didn't do our typical comparative testing. Rather, we installed the products in Network Computing's distributed labs at Syracuse University and in San Mateo, Calif., and ran a number of applications, such as FTP and HTTP, over the VPN. We were primarily interested in how the products in each technology segment provided a VPN as evidenced by features, such as authentication, encryption and remote management.

We discovered that VPN implementation, services and overall utility in the networked environment vary widely--the single, complete solution that can meet all your networking needs simply doesn't exist, though like most networking solutions, some implementations hold a distinct advantage over others. To help you unlock the secrets of virtual private networking, we'll break down several of the key t e chnology segments and define their significance as an ingredient of any developing enterprise security strategy.

To download an Adobe Acrobat .pdf format version of the VPN Technology Comparisons chart, click here.