Technology Stocks : Ascend Communications-News Only!!! (ASND)


To: blankmind who wrote (1022) 1/23/1998 7:25:00 PM
From: Maverick
 
Secret WAN, Part II
Several encryption schemes are used by VPN vendors. Leading the
industry are Layer 2 Tunneling Protocol (L2TP) from Microsoft Corp. [joint dev. w/ ASND] and
Cisco Systems Inc. and IPSec (IP Security), a standard being developed
by the IETF (Internet Engineering Task Force). In each scheme, keys
need to be distributed to remote clients and sites to permit
interoperability. However, secure-key distribution poses two problems
for the VPN administrator: keeping your keys out of the hands of an
eavesdropper and making the key exchange process transparent to
users.

The Internet Security Association and Key Management Protocol
(ISAKMP) may resolve these problems. ISAKMP is a draft standard,
and you can find the text at
hegel.ittc.ukans.edu. ISAKMP
exchanges the key information between two nodes on a VPN by
establishing a secure, encrypted connection between the nodes and
exchanging the key information for the VPN connection. However, this
specification does not address how the two nodes will select their
encryption keys.

The IETF's IPSec working group is developing another standard, the
OAKLEY Key Determination Protocol, which "describes a protocol by
which two authenticated parties can agree on secure and secret keying
material."

Encrypting and decrypting data flowing over the VPN is a very
CPU-intensive task. As data arrives at a VPN node, it must check that
the data came from another node on the virtual network. If it did, the
receiving node (router, firewall, or dedicated VPN unit) must decrypt the
data before passing it on to its destination on the local network. The
equipment at the end points of the VPN connection (routers, firewalls, or
dedicated VPN units) can take several forms.

You can install routers with built-in VPN capabilities, such as those
provided by Ascend Communications Inc.
(http://www.ascend.com), Bay
Networks Inc. (http://www.baynetworks.com), Cisco
(http://www.cisco.com), and 3Com Corp. (http://www.3com.com).

End points can be computer-based firewalls with built-in VPN
capabilities, such as Raptor Systems Inc.'s Eagle products
(http://www.raptor.com) and Check Point Software Technologies Ltd.'s



To: blankmind who wrote (1022) 1/23/1998 7:27:00 PM
From: Maverick
 
Secret WAN, part III
Firewall-1 (http://www.checkpoint.com) for Unix and Microsoft
Windows NT.

You can also use dedicated hardware built for providing VPN
capabilities, such as devices from Information Resource Engineering Inc.
(http://www.ire.com), VPNet Technologies Inc. (http://www.vpnet.com),
and RedCreek Communications Inc. (http://www.redcreek.com).

If all you need is secure remote access for client PCs over the Internet,
you may choose Microsoft's Point-to-Point Tunneling Protocol (PPTP)
service, which is built in to Windows NT Server 4.0. Installing PPTP on
a server in your organization and on a mobile client will enable encrypted
communications to take place over the Internet. PPTP has the added
advantage of supporting protocols other than TCP/IP. IPX and NetBEUI
can be transported over PPTP links, allowing the Internet to carry these
non-IP protocols.

The PPTP specification provides for site-to-site links; Microsoft has
stated that it plans to add this capability to its implementation in a future
release. You can find a list of frequently asked questions about PPTP on
the Web at microsoft.com.

Conversely, if you need site-to-site connectivity, Novell Inc.'s
BorderManager offers a solution especially suited to NetWare shops.
BorderManager runs as a set of NLMs on an IntranetWare server and
combines VPN services with firewall functionality. You can find
information on BorderManager on Novell's Web site at
novell.com.

The missing link
When designing your company's VPN, interoperability should be of
foremost consideration. Standards such as IPSec and L2TP are meant to
permit products from different vendors to interoperate seamlessly, but in
this early stage of development vendors can interpret and implement
different standards. If you intend to use equipment from a variety of
vendors to link to sites inside and outside your company, carefully test
their interoperability before deploying the VPN.