[This is actually taken from a USENET discussion. I thought I'd
cross-post it here because it's potentially of interest to all of
us. We're once again facing having a load of different marketing
terms for the same thing! :) ]
I'm not picking on Dale here - just responding to a posting on
his part about what the acronym S/WAN means.
Dale Lancaster <dlancaster @ raptor . com> wrote:
>I believe the acronym stands for "Secure/Wide Area Network". It's basically an
>effort to get several vendors of "Virtual Private Networking" products to
Just an observation:
There are several terms being used for building network
point-to-point links with encryption, including:
"Virtual Private Network" (VPN)
"Virtual Network Perimeter" (VNP)
"IP Tunnelling"
"Secure Wide Area Network" (S/WAN)
Of the above, I feel that VNP is the most accurate and
descriptive.
"Virtual Private Network" is something that European telcos
are selling as a service for companies that want to build their own
private frame relay clouds. If we security d00ds call our stuff
VPNs and they call their stuff VPNs there will be a naming collision
down the road.
"Virtual Network Perimeter" describes accurately what is
being built. Implicit within the term is the idea that what is
being built is a cryptographically protected crunchy shell. Like
other perimeter security systems, it's vulnerable once someone
gets behind it. This is not as clear in the other terms being used.
I'm personally very concerned that a lot of organizations are
preparing to deploy VNPs and are not making sure that all the
member sites of the VNP recognize that a common security perimeter
is being built. Building all your remote offices into a single
VNP may make your overall security WORSE if you are not deliberate.
"IP Tunnelling" sounds more like an encapsulation protocol
and doesn't describe what it's actually being used to accomplish.
"Secure Wide Area Network" is unfortunate. Once again, we
see the word "secure" added to something simply because encryption
has been bashed into it. This is flawed thinking and marketing hype.
Is someone really going to believe that their WAN is now secure
just because they've encrypted point-to-point communications
between remote offices?? I hope not!
S/WAN, specifically, refers to what RSA is pushing as a
standard firewall-to-firewall crypto scheme. I don't think they
particularly care about the packet formats or any of that, they
just want to make sure that their patented technologies are used
for key exchange. :)
"SKIP" is Sun's approach for the same thing; if I understand
it correctly, SKIP is really all about key exchange, rather than
packet payloads.
Of course, this whole miserable situation wouldn't be
upon us, had IETF not cheerfully sat and argued about the IPSEC
stuff, and gotten noplace for ever. Standards are only relevant
if they're timely. Perhaps someday IPSEC will happen and by
then there will be a large existing product base of stuff that
already works.
mjr.
--
Chief Scientist, V-ONE Corporation
work http://www.v-one.com
personal http://www.clark.net/pub/mjr/mjr-top.html