[1211] in WWW Security List Archive
Re: Internet Tunnel Question
daemon@ATHENA.MIT.EDU (Daniel W. Woycke)
Wed Dec 6 15:00:25 1995
Date: Wed, 6 Dec 1995 11:50:50 -0500
To: "Brian W. Spolarich" <briansp@umich.edu>
From: woycke@mitre.org (Daniel W. Woycke)
Cc: "Prince, Cheryl" <cprince@mfi.com>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>On Tue, 5 Dec 1995, Prince, Cheryl wrote:
>
>> Digital recently released a new (?) way of using the public Internet to
>>create -
>> -or replace--private local or wide area networks. All sensitive data is
>> encrypted with RSA tech, private key/public key cryptography on either
>>end of
>> communication as well as authentication so the parties can accurately
>>identify
>> each other. It's called the Digital Internet Tunnel.
>>
>> Has anyone heard about this kind of system (surely not the first of its
>>kind)
>> and is this safe??
Actually there a a great number of products that do encrypted tunnels over
the Internet. Here is some info from a co-worker of mine. The main
difference in some of these services (ANS, Digital) is the degree to which
they manage your Virtual Private Network (VPN).
The main issue I see with going with a service provider is that they then
become part of your security architecture. If a service provider empolyee
becomes compromised, then your net may become compromised. It is in the
best interest of the service provider to make sure that this doesn't
happen.
Date: Mon, 14 Aug 95 13:40:33 EDT
Mime-Version: 1.0
To: firewalls@GreatCircle.COM
From: mckenney@smiley.mitre.org (Brian W. McKenney)
Subject: Firewall-to-Firewall Encryption Products (Survey Update)
Cc: mckenney@smiley.mitre.org
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk
X-Mdf: Mail for woycke sent to woycke@smiley.mitre.org
The following products are able to encrypt network traffic based on
source and destination address of IP packets. Some are also able to encrypt
based on the type of network service (TCP port number). As a result, sites
can create a Virtual Private Network (VPN) on the Internet. Note that one
would need two boxes in order to provide for site-to-site encryption over the
Internet.
++If your product is missing, please let me know.
Survey Date: 14 AUGUST 1995
Firewall VPN Products are (in alphabetical order):
ANS InterLock Service
- Supports optional DES software.
Web URL: http://www.raptor.com
---------------------------
Brimstone Firewall Product
Web URL: http://www.soscorp.com/
---------------------------
Milkyway Black Hole
- Supports modified (proprietary) DES algorithm (DES++).
Web URL: http://www.milkyway.com
---------------------------
Checkpoint Firewall-1
- Encryption support planned for future release.
Web URL: http://www.checkpoint.com
---------------------------
Cisco Systems/Cylink
- Software solution (part of Cisco operating system) later this
calendar year, hardware board to follow.
Web URL: http://www.cisco.com/
---------------------------
Hughes NetLOCK
- Supports DES and cXOR.
E-Mail: netlock@mls.hac.com
---------------------------
IRE
- Available later this calendar year.
Phone: (410) 931-7514
---------------------------
KarlBrouter
- Supports software DES.
Web URL: http://www.gbnet.net/kbridge/
---------------------------
LSLI's Portus Firewall
Web URL: http://www.sccsi.com/lsli/lsli.homepage.html
---------------------------
Morningstar EXPRESS Router
- Supports DES.
Web URL: http://morningstar.com
---------------------------
Motorola Network Encryption System (NES)
E-Mail: nes@email.mot.com
---------------------------
Network Systems Corp. (NSC)
- Security Router offers encryption using IDEA, DES, Triple DES,
and high speed proprietary algorithms.
Web URL: http://www.network.com
---------------------------
Network Translation Inc. Private Internet eXchange (PIX)
- PIX supports DES
Web URL: http://www.translation.com
---------------------------
Raptor Systems
- Will be offering DES encryption package.
Web URL: http://www.raptor.com/
---------------------------
Semaphore Communications
- Network Encryption Unit (NEU), supports DES.
Phone: (408) 986-6292
---------------------------
swIPe
- Publicly available.
Web URL: ftp://ftp.csua.berkeley.edu/pub/cypherpunks/swIPe/
---------------------------
Sun Sunscreen SPF-100.
- Will support multiple encryption algorithms.
Web URL: http://www.sun.com/
---------------------------
TIS Gauntlet 3.0
- Supports software DES option and hardware DES board.
Includes resellers of Gauntlet.
Web URL: http://www.tis.com
---------------------------
UUNET LanGuardian
- Combination of hardware and software DES.
Web URL: http://www.uu.net
---------------------------
-Brian
Respectfully,
Brian W. McKenney
Network Security Engineering
The MITRE Corporation Mail Stop: Z-202
7525 Colshire Drive
McLean, VA 22102
Voice: 703-883-5463
Fax: 703-883-1397
E-Mail: mckenney@mitre.org
-----
Thank You,
Daniel W. Woycke, Senior INFOSEC Engineer (703) 883-1362
Network Security Engineering
NIDR & Firewall Applications
The MITRE Corporation
