The following text is copyright 1998 by
Network World, permission is hereby given for reproduction, as long as attribution
is given and this notice is included.
Security on the horizon
By Scott Bradner
As predicted in a
front-page story in the May 4th issue of Network World, Virtual Private
Networks (VPNs) were all the rage at Network + Interop in Las Vegas. VPNs were
not the only hot topic by far but did seem to be everywhere you looked.
The show seemed a bit
subdued when compared to last year (although any show in Las Vegas is on an
entirely different plane than shows elsewhere). The magicians trying to entice
you to listen to a spiel about Ethernet switches were still there but there
seemed to be fewer of them and, wonder of wonders, some technically competent
people in some of the booths.
In addition to VPNs the
gigabit Ethernet vendors were out in force with 20 or more booths in addition
to the big Gigabit Alliance booth. There were many other interesting products
such as Manage.com’s Java-based front-line management station (www.manage.com).
But VPNs seemed to me to
be the show focus this year, just like gigabit Ethernet was last year, IP
Switching the year before and ATM before that. I do hope that gigabit Ethernet
and VPNs do not take the same path to success that the other hot topics did.
One problem with all of
the attention on VPNs is that there is no one consistent thing that the VPN
proponents are talking about. Some vendors are talking about the connections
between corporate firewalls when they speak of VPNs while others are referring
to the connections inside a WAN that an ISP might set up to do traffic
engineering or to help facilitate the delivery of a consistent quality of
service (QoS). Still others mean the IP tunnels that can be created between an
on-the-road employee dialing into a local ISP and the home office. A few vendors
seem to think that any encrypted point-to-point link qualifies as a VPN.
All of the above are
valid definitions of what a VPN might be. But with all of the differing
assumptions about what a VPN is, it is a good idea for someone looking into VPN
services or equipment to check to be sure that their assumptions and the vendor's
are somehow related.
One thing that most VPN
definitions have in common is that a VPN includes encrypted point-to-point
tunnels. Encouragingly, most of the vendors I saw said they supported IPSEC.
IPSEC, which stands for IP security, is the IETF technology that supports
encrypted tunnels along with management of the cryptographic keys, and it is in the
final stages of being approved as a Proposed Standard.
In spite of the fact
that IPSEC is not yet approved, 8 vendors of IPSEC software have already
demonstrated interoperability between their products and many more have
announced products.
The fact that most of
the VPN vendors say they do support IPSEC now or will in a future offering is
good. This means that there is a reasonable chance that many of the VPN
products will interoperate. This, of course, is the purpose of standards.
Disclaimer: Even though
Harvard sets its own standards its products interoperate and the above are my
own observations.