Hi All,
First off let me say...great forum. Finally a place to have an intelligent conversation on the subject of Infosec (Information Security). A real relief from the stock specific boards where 8 out of 10 messages are from chart watchers discussing technical merits of different stocks.
Onwards...
I am trying to get a handle in general on the VPN marketplace. Not so much from a technology standpoint, but rather from a business need perspective. (As tech gear heads we sometimes get caught in love of technology for its own sake, rather than as a means to an end).
I think perhaps the best way to go about this is to throw out some general concepts, bat them around for a while and as we reach consensus go summarizing what the group has agreed (or disagreed on).
So let me start with a broad question...
After having given secure communications a lot of thought...it seems to me that there are three general categories of business needs. I would love to hear thoughts, kibitzing, modifications to the model, blah, blah, blah.
Regards, Yomama
1) Point to Point
Company X needs to secure the leased line between Company Site in Des Moines and Company Site in New York
----------------------------------------------------
This is technology which focuses on securing and encrypting all communications between Point A and Point B.
The goal is to secure the wire.
The technology is probably a hardware solution with a software management overlay. Additionally, the technology probably requires two paired peers on either side (i.e. each Point requires the same level of hardware...)
Types of products: Link encryptors
(This is probably not what a lot of people would consider a VPN...but to me there is no real difference between Point to Point over AT&T's private ATM network and Point to Point over the Internet. At the end of the day both networks are "public" to me.)
2) Point to Multi-point
Bank Y needs to provide all of its home banking users access to consult and manage their accounts via the Web or dial-up.
----------------------------------------------------
This is technology which focuses on securing and encrypting communications between a LAN gateway and a large number of remote users.
The goal is to allow a large number of users to access a portal (and a series of resources within that portal) in a secure and controlled manner. By secure and controlled I mean all the usual buzzwords: authentication, encryption, certification and non-repudiation.
The technology is probably a software based solution with underlying hardware acceleration. Additionally this is probably implemented asymmetrically with a great deal of the horsepower and work on the gateway side and a thin client on the, er, well, client side.
Types of products: Tunneling systems, VPNs, Secure Web Sites, etc
3) Multi-point to Multi-point
Company Z has multiple corporate sites exposed on the Internet and wants to establish a secure overlay so that it can create a cheap WAN.
----------------------------------------------------
This technology is very similar to Point to Point except that there are multi-points all of which need to know how to encrypt and decrypt with each other.
The goal is to secure a multitude of wires without a dedicated unit for each one.
The technology is probably a series of intelligent routers with some form of encryption technology overlay, but can also be done in Software (Lotus kinda sorta does this, as supposedly will NT 5.0)
Types of products: Er, well, never seen one...but let's call them intelligent router with some form of encryption overlay <grin>