IPSec-Compliant VPN Solutions: Virtualizing Your Network

By Mike Fratto
Are you itching to reduce WAN connectivity costs while maintaining or improving your network security? Virtual Private Networks (VPNs) may be the answer. A VPN provides secure, dynamic connectivity across public IP networks by securing the traffic between two end points. When IP traffic is tunneled, workstations and servers protected by the VPN view geographically remote sites as if they were part of the same network, but the traffic is unintelligible to nodes located outside the VPN.

At the forefront of this technology are hardware devices that support the IPSec (IP Security) protocol and IKE (Internet Key Exchange, formerly known as ISAKMP/Oakley Resolution). Other VPN protocols such as PPTP, L2TP and L2F offer some VPN services such as encryption and multiprotocol routing, but they are better suited to remote-access applications and moving non-IP traffic across the Internet. In fact, these seemingly competing VPN technologies serve different needs and can't be compared in a meaningful way on a per-product basis.

Of course, data leaving your LAN is subject to sniffing by unauthorized users, which is where IPSec devices come in to safeguard privacy. IPSec protects your data at Layer 3 using strong encryption and authentication. IPSec tunneling with IKE ensures that your data is encrypted end-to-end and that it has not been tampered with en route. At the time of this writing, six ICSA-certified interoperable IPSec products are on the market. It's likely more will have joined them by the time you read this.

While the IPSec VPN gateways with IKE support we tested--RedCreek's Ravlin 10, Shiva LanRover VPN Gateway (beta version), TimeStep's PERMIT Enterprise and VPNet's VSU 1010--are stable, aspects such as remote management, reporting and logging, and advanced management functions are still immature and require more work by vendors. However, the current crop of proprietary management stations will let trusted administrators assess problems remotely and securely.

What's Next? Vendors claiming to have IPSec-compliant implementations may be telling only half the story. The other half of IPSec tunneling is IKE, or key management, which provides secure management and exchange of cryptographic keys between distant devices. The IKE protocol exchanges keys, while IPSec encrypts and signs packets. While manual IPSec is possible, it means you must add and change keys on each device--an ineffective solution since keys can't be updated as often.

You also need a secure way to transmit those keys to other devices. IKE automates the process by using public-key cryptography to create a secure association, which is then used to perform a secure second public-key exchange, resulting in a symmetric key for encryption. IKE adds further functionality, such as rekeying the VPN while in session (if one key is compromised, only the portion encrypted with that key is recoverable) and perfect forward secrecy (no two keys are related).
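The rekeying and perfect forward secrecy properties described above can be seen in a short simulation. This is an added example, not code from the original article or from any of the reviewed products: the Diffie-Hellman group, the `seal`/`unseal` cipher and the chained-rekey contrast case are toy constructions assumed for illustration.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (assumption for this demo): 2**127 - 1 is prime but
# far too small for real use; IKE negotiates much larger Oakley groups.
P, G = 2**127 - 1, 3

def dh_shared_key():
    """One ephemeral DH exchange between two gateways; returns the key both derive."""
    a = secrets.randbelow(P - 3) + 2          # gateway A's private value
    b = secrets.randbelow(P - 3) + 2          # gateway B's private value
    pub_a, pub_b = pow(G, a, P), pow(G, b, P) # only these cross the wire
    shared = pow(pub_b, a, P)
    assert shared == pow(pub_a, b, P)         # both ends reach the same secret
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def chained_key(prev):
    """Contrast case without PFS: the next key is computed from the previous one."""
    return hashlib.sha256(b"rekey" + prev).digest()

def session_keys(n, pfs):
    """Keys for n rekey intervals of one tunnel."""
    keys = [dh_shared_key()]
    while len(keys) < n:
        keys.append(dh_shared_key() if pfs else chained_key(keys[-1]))
    return keys

def keystream(key):
    return hashlib.sha256(key + b"enc").digest()

def seal(key, msg):
    """Toy encrypt-then-MAC for messages up to 32 bytes (stand-in for ESP)."""
    ct = bytes(m ^ s for m, s in zip(msg, keystream(key)))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None if the tag does not verify under this key."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, keystream(key)))

def exposed_segments(n, pfs, leaked):
    """Indexes of traffic segments readable by someone holding only keys[leaked]."""
    keys = session_keys(n, pfs)
    traffic = [seal(k, b"segment %d" % i) for i, k in enumerate(keys)]
    candidates = [keys[leaked]]               # the leaked key and anything derivable
    for _ in range(n):
        candidates.append(chained_key(candidates[-1]))
    return [i for i, blob in enumerate(traffic)
            if any(unseal(k, blob) is not None for k in candidates)]
```

With a fresh exchange at every rekey, `exposed_segments(5, True, 2)` yields only segment 2; with chained keys the same leak also opens every later segment.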



The IPsec-Compliant VPN Solutions Features charts, in Acrobat format.

The IPsec-Compliant VPN Solution Performance charts, in Acrobat format.

