The following text is copyright 1998 by Network World; permission is hereby given for reproduction, as long as attribution is given and this notice is included.

Security on the horizon

By Scott Bradner
Network World, 5/18/98

As predicted in a front-page story in the May 4th issue of Network
World, virtual private networks (VPNs) were all the rage at
NetWorld+Interop 98 in Las Vegas. VPNs were not the only hot topic
by far, but they did seem to be everywhere you looked.

The show seemed a bit subdued compared with last year's (although
any show in Las Vegas is on an entirely different plane than shows
elsewhere). The magicians trying to entice you to listen to a spiel
about Ethernet switches were here once again, but there seemed to be
fewer of them and, wonder of wonders, there were even some
technically competent people in some of the booths.

In addition to VPNs, the Gigabit Ethernet vendors were out in force
with 20 or more booths in addition to the big Gigabit Alliance booth.
There were many other interesting products, such as Manage.Com's
Java-based front-line management station.

But VPNs seemed to me to be the show focus this year, just like
Gigabit Ethernet was last year, IP Switching the year before and ATM
before that. I just hope Gigabit Ethernet and VPNs do not take the
same path to success that the other hot topics did.

One problem with all of the attention on VPNs is there is no one
consistent thing that the VPN proponents are talking about.

Some vendors are talking about the connections between corporate
firewalls when they speak of VPNs. Others are referring to the
connections inside a WAN that an ISP might set up to do traffic
engineering or to help facilitate the delivery of consistent quality of
service (QoS). Others mean the IP tunnels that can be created between
an on-the-road employee dialing into a local ISP and the home office.
And a few vendors seem to think any encrypted point-to-point link
qualifies as a VPN.

All of the above are valid definitions of what a VPN might be. But
with all of the differing assumptions about VPNs, it is a good idea for
users considering the purchase of VPN services or equipment to be
sure that their own and the vendors' assumptions about the
technology are in line.

One thing that most definitions of the technology have in common is
that a VPN includes encrypted point-to-point tunnels. Encouragingly,
most of the vendors I saw said they supported IP Security. IPSec is
the IETF technology that supports encrypted tunnels along with
management of the cryptographic keys. IPSec is in the final stages of
being approved as a proposed standard.

In spite of the fact that IPSec is not yet approved, eight IPSec
software vendors have already demonstrated interoperability between
their products, and many more companies have announced products.

It's a good sign that most of the VPN vendors say they already
support IPSec or will in the future. This means there is a reasonable
chance that many of the VPN products will interoperate. This, of
course, is the purpose of standards.

Disclaimer: Even though Harvard sets its own standards, its
products interoperate. The above are my own observations.