Welcome to the latest issue of the VPNC Update. We hope you find the news in this issue valuable.
F5 is a global leader in Application Traffic Management ensuring the secure and optimized delivery of business-critical applications for the enterprise. F5's FirePass SSL VPN solution provides enterprise-class secure remote access including comprehensive application support, application level security features and simplified management capabilities on a high performance platform. FirePass is clientless, supports any device with a browser and dynamically adapts access based on both the user and the device.
Among this month's batch of new VPNC Basic Interoperability logos is one for Cisco's SANOS, which was tested running on a storage-area network (SAN) switch that supports both iSCSI and FCIP. This is the first iSCSI or FCIP system we have tested in the VPNC lab, but we are expecting more in the future. iSCSI and FCIP are the recent IETF standards for running SCSI and Fibre Channel over TCP/IP, and both standards require IPsec for data protection. Although SANs are not typically thought of when discussing VPNs, they are a part of the VPN landscape that is rapidly growing in importance.
This month, three products from VPNC members have received logos for Basic Interoperability. There are now 33 systems in the VPNC lab that show interoperability in up-to-date configurations. The systems receiving new Basic Interoperability logos this month are:
In addition, one product which had already received its logo for Basic Interoperability received the logo for AES Interoperability:
See the VPNC testing page for full lists of all the VPNC members' products which have proven interoperability.
ADTRAN
ADTRAN NetVanta Products Power Network for Asian Cup
Caymas
Caymas Systems Announces First Identity-Driven Access Gateways
Check Point
Check Point Advances Internal Security Solution to Combat Evolving Threats
Check Point
University of Kansas Goes Back-To-School with Check Point Internal Security Solution
Cisco
TelCove Launches Its Remote Access VPN Services Based on Cisco Equipment
CyberGuard
CyberGuard Develops Innovative, Secure Wireless Network Solution For Leading Online Retailer
Encore Networks
Satlynx Selects Encore Networks to Provide VPN Solutions Over Broadband Satellite Networks
F5
F5 Announces the Most Advanced SSL VPN Solution for Enterprise Application Remote Access Needs
Intoto
Intoto to Demonstrate Advanced Enterprise-Class VoIP Solution at VON Fall 2004
Intoto
Intoto to Demonstrate Enterprise-Class Security Solutions at NSDC Fall 2004
Jungo
U.S. Robotics Deploy Leading CPE Based Web Filtering Solution from Jungo and SurfControl
NETGEAR
NETGEAR ProSafe Dual Band 108 Mbps Wireless VPN Firewall Receives CRN Test Center Recommendation
SafeNet
SafeNet Announces Significant Customer Developments For Major Government Programs
SafeNet
SafeNet Announces SafeEnterprise SONET/SDH Encryptors
ServGate
ServGate Debuts EdgeForce M Series
IKEv1 has gone mostly unchanged since the RFCs were published six years ago this month. Although that can be considered a sign of stability, it is also a sign that some parts might not be keeping up with newer developments. One particular area of neglect has been the list of cryptographic algorithms that are mandated in the RFCs. For example, IKEv1 still mandates DES, which everyone knows is too weak for typical VPN usage.
Because of this, Paul Hoffman, VPNC's director, introduced a proposal to update IKEv1 with more modern algorithm requirements. That proposal, draft-hoffman-ikev1-algorithms, is now in IETF-wide last call.
The proposal specifies that the new MUST-level algorithms align with current industry practice, namely TripleDES, SHA-1, and Diffie-Hellman group 2 (1024 bits). In fact, this is the same suite of algorithms that VPNC has been using in its Basic Interoperability testing since the testing began. The proposal also has a suite of SHOULD-level algorithms, which are what VPN customers may require from IKEv1 systems in the future; these include AES-128 and Diffie-Hellman Group 14 (2048 bits). Although the MUST-level algorithms are considered safe for nearly all VPN traffic today, the SHOULD-level algorithms are considered more secure and therefore more useful in the long term.
Comments on the proposal should be sent to the main IETF mailing list or to the IESG in the next few weeks. After the algorithms in this document are agreed on, a companion document specifying the same algorithms for IPsec will be prepared.
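The MUST-level and SHOULD-level suites described above can be checked mechanically against what a gateway is configured to offer. The following is an added example, not part of the newsletter or the draft: the strongSwan-style "enc-hash-dh" proposal strings, the function names, the sample peers, and the use of SHA-1 as the hash in the SHOULD-level suite are all assumptions.

```python
# Added example; proposal syntax (strongSwan-style "enc-hash-dh"), names and
# sample peers are assumptions. SHA-1 as the SHOULD-suite hash is assumed too.
MUST = {"enc": "3des", "hash": "sha1", "dh": "modp1024"}      # TripleDES, SHA-1, group 2
SHOULD = {"enc": "aes128", "hash": "sha1", "dh": "modp2048"}  # AES-128, group 14
KNOWN = {"enc": {"des", "3des", "aes128"}, "hash": {"md5", "sha1"},
         "dh": {"modp768", "modp1024", "modp2048"}}

def parse(proposal):
    """Split 'enc-hash-dh' into a dict, rejecting malformed or unknown input."""
    parts = proposal.strip().lower().split("-")
    if len(parts) != 3:
        raise ValueError(f"expected enc-hash-dh, got {proposal!r}")
    parsed = dict(zip(("enc", "hash", "dh"), parts))
    for field, value in parsed.items():
        if value not in KNOWN[field]:
            raise ValueError(f"unknown {field} keyword {value!r} in {proposal!r}")
    return parsed

def grade(proposal):
    """Return 'weak', 'must', 'should' or 'other' for one proposal."""
    p = parse(proposal)
    if p["enc"] == "des":
        return "weak"  # single DES: still mandated by IKEv1, but too weak
    if p == MUST:
        return "must"
    return "should" if p == SHOULD else "other"

def audit(peers):
    """Map each peer name to findings about the proposals it offers."""
    report = {}
    for name, proposals in peers.items():
        grades = {grade(p) for p in proposals}
        findings = []
        if "weak" in grades:
            findings.append("offers single DES")
        if "must" not in grades:
            findings.append("no MUST-level suite, interoperability at risk")
        if "should" not in grades:
            findings.append("no SHOULD-level suite")
        report[name] = findings
    return report

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = {
    "branch-a": ["aes128-sha1-modp2048", "3des-sha1-modp1024"],
    "branch-b": ["3des-sha1-modp1024", "des-md5-modp768"],
    "branch-c": ["aes128-sha1-modp2048"],
}
```

A peer with an empty findings list offers both suites and no single-DES proposal; `audit(SAMPLE)` shows one peer of each kind.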
IPsec/IKEv2 Interoperability Workshop
Santa Clara, California / February 22-24, 2005
The main focus of the event will be testing IKEv2 functionality. All vendors with IKEv2-based VPN products are encouraged to bring their latest products to test in a multi-vendor forum.
The VPNC Update is a low-volume, one-way newsletter to inform people about news in the VPN industry. Subscription is open to everyone, members and non-members alike. Previous issues of the newsletter can be found here. If you have questions about the content of VPNC Update, or suggestions or information for future issues, please send them to Paul Hoffman, VPNC's director.
To subscribe to this newsletter, send a message to vpnc-update-request@vpnc.org with the single word "subscribe" in the body of the message. To unsubscribe, send a message to vpnc-update-request@vpnc.org with the single word "unsubscribe" in the body of the message.