The following text is copyright 1998 by Network World, permission is hereby given for reproduction, as long as attribution is given and this notice is included.

Security on the horizon

By Scott Bradner

As predicted in a front-page story in the May 4th issue of Network World, Virtual Private Networks (VPNs) were all the rage at Network + Interop in Las Vegas. VPNs were not the only hot topic by far but did seem to be everywhere you looked.

The show seemed a bit subdued when compared to last year (although any show in Las Vegas is on an entirely different plane than shows elsewhere). The magicians trying to entice you to listen to a spiel about Ethernet switches were still there but there seemed to be fewer of them and, wonder of wonders, some technically competent people in some of the booths.

In addition to VPNs, the gigabit Ethernet vendors were out in force with 20 or more booths in addition to the big Gigabit Alliance booth. There were many other interesting products, such as Manage.com's Java-based front-line management station (www.manage.com).

But VPNs seemed to me to be the show focus this year, just like gigabit Ethernet was last year, IP Switching the year before and ATM before that. I do hope that gigabit Ethernet and VPNs do not take the same path to success that the other hot topics did.

One problem with all of the attention on VPNs is that there is no one consistent thing that the VPN proponents are talking about. Some vendors are talking about the connections between corporate firewalls when they speak of VPNs, while others are referring to the connections inside a WAN that an ISP might set up to do traffic engineering or to help facilitate the delivery of a consistent quality of service (QoS). Still others mean the IP tunnels that can be created between an on-the-road employee dialing into a local ISP and the home office. And a few vendors seem to think that any encrypted point-to-point link qualifies as a VPN.

All of the above are valid definitions of what a VPN might be. But with all of the differing assumptions about what a VPN is, it is a good idea for someone looking into VPN services or equipment to check to be sure that their assumptions and the vendor's are somehow related.

One thing that most VPN definitions have in common is that a VPN includes encrypted point-to-point tunnels. Encouragingly, most of the vendors I saw said they supported IPSEC. IPSEC, which stands for IP security, is the IETF technology that provides encrypted tunnels along with management of the cryptographic keys, and it is in the final stages of being approved as a Proposed Standard.

In spite of the fact that IPSEC is not yet approved, eight vendors of IPSEC software have already demonstrated interoperability between their products, and many more have announced products.

The fact that most of the VPN vendors say they support IPSEC now or will in a future offering is good. This means that there is a reasonable chance that many of the VPN products will interoperate. This, of course, is the purpose of standards.

Disclaimer: Even though Harvard sets its own standards its products interoperate and the above are my own observations.