IPSec bake off in San José
The world of IPsec Virtual Private Networks (VPNs) has come to
a crossroads.
This technology was originally specced in the mid to late 1990s
and implemented early in the automotive industry.
It is now coming out with an updated revision. Foremost among the
capabilities in this new technology is the Internet Key Exchange
Version 2, or IKEv2, which allows a VPN device to create secure
encrypted tunnels that are able to transport information across
non-secure data paths, while keeping the content safe from prying
eyes.
This technology became a boon in the late 1990s for any organization
with geographically separated offices needing to link their computer
networks, and was an affordable alternative to the premium price
of leased lines. With an increased focus on identity theft worldwide,
the drive to assure data integrity keeps this technology in the
procurement cycles of many corporations.
Needless complication
It has long been said that until any information security technology
becomes seamless to the user, it will not reach its full market potential.
More specifically, current IPsec technology has long been criticized
as being gratuitously complicated. It is very difficult to implement
VPN products from disparate vendors.
Corporations dealing with mergers and acquisitions found it difficult
to incorporate multiple vendor solutions. And so, the Internet Engineering
Task Force (IETF) took up the task of remedying these issues, and
has vetted 17 revisions of technical drafts that are in the final
stages of review before becoming a Technical Standard.
The bake-off
In an effort to avoid the teething pains experienced with the first
go-around of IPsec VPN products, ICSA Labs is hosting multiple IPsec
VPN Interoperability Workshops where vendors can bring their IKEv2-based
beta products off their R&D benches and test them
against peers.
ICSA Labs started interoperability testing in 1998 and has conducted
many thousands of interoperability certification tests. The VPN
Interoperability Workshops have become a tool for ICSA Labs to use
in providing solution implementers with an in-depth knowledge of
the virtues of IPsec technology.
The first such event was held in February of 2005 in Silicon Valley
— in San Jose, California. Many of the vendors just unplugged
their products from their development labs and drove down the 101
to an itinerant ICSA Labs IPsec test lab, where they were able to
set up and test functionality and interoperability against their
competitors’ products for a week. Twenty-four-hour security
was set up at the event to avoid any instances of industrial espionage;
after all, the products resting on cheap folding tables in a hotel
ballroom represented millions of dollars in R&D spending.
Collaboration
Some products were in effect ready to ship to the customer while
others were clearly in the earlier stages of product development
and not ready for prime time. All who attended benefited greatly
from the experience of being able to interact, communicate, and
discuss their products and the new underlying technology. In fact,
it was such a success that planning for the next workshop
began immediately; it is scheduled to be held in Toronto, Canada,
the week of 19 September 2005. It was decided that the workshop
would take place outside of the United States to assist international
vendors with travel restrictions.
Tests for the workshops are broken up into three sets — the
first dealing with basic functionality, the second with secure tunnel
maintenance, and the third dealing with extended functions, such
as authentication using digital certificates and the intricacies
of communicating behind devices serving as network address translators
or NAT devices.
In the first workshop, most vendors concentrated on and were successful
within the first test set. However, much progress has been made
throughout the summer and will yield more comprehensive test results
in the area of re-keying and the use of extended functions.
For information regarding the Toronto IPSec bakeoff on 19 September
2005, see https://www.icsalabs.com/icsa/docs/html/communities/ipsec/bakeoff/Registration_2.html.