Great Circle Associates Firewalls
(February 1996)
 


Subject: FW: VPN's over the internet
From: Greg Brennan <brenngp @ onto . network . com>
Date: Tue, 27 Feb 96 08:50:00 CST
To: firewalls mailing list <firewalls @ greatcircle . com>

Joseph (Joe) L. Moll wrote:
>I am in the middle of a design that will require a Firewall product that
>will also serve as an end node to a VPN.

Check out NSC's Borderguard and Security Router (depending on the 
performance you require).  Each of these boxes supports an application known 
as Data Privacy Facility (DPF).  DPF contains software for building VPNs 
including encryption (DES, 3-DES, IDEA, and NSC1, which is exportable), RSA 
authentication between devices, MD5 for Digital Signatures, Replay 
prevention, and even data compression to get more out of the links.

If you are setting up a true VPN (where only trusted sites or members can 
communicate over the VP network, even though you may be using a public 
network infrastructure, like the Internet)  then the authentication 
capabilities of the RSA algorithms provide an effective firewall - no need 
for packet filtering or proxies to protect your network against outsiders!

If you want non-trusted members to have access to portions of the network, 
or devices on the inside of the VPN, then you can use NSC's Packet Control 
Facility which provides access layer filtering capabilities and is included 
with the Borderguard and Security Router.  If you want to enhance a specific 
site's security with proxy type applications, you can place your favourite 
proxy based firewall behind the Borderguard or Security Router at only those 
sites needing this kind of protection.

Finally, if you wish to audit the security of your VPN, you can implement 
NSC's NetStalker product which is a host based, real-time monitoring 
application that watches the audit output of Borderguard and Security Router 
and gives real time alarming and even responses (dynamic filter changes, 
network reconfiguration etc.) to detected intrusion attempts.  And oh yeah, 
it provides real nice reporting capabilities to show your management how 
safe your network is.

You can find more information on these products on the Network Systems home 
page at
http://www.network.com

Hope this helps!

 - Greg Brennan
Network Systems Corp.
 ----------
From: firewalls-owner
To: firewalls
Subject: VPN's over the internet
Date:  February 26, 1996 05:41PM

I am in the middle of a design that will require a Firewall product that
will also serve as an end node to a VPN.

I would appreciate any input from folks that have actually implemented this
configuration.

Regards,
 ---
Joseph (Joe) L. Moll  mailto:jmoll @ acquion . com
http://www.acquion.com  phone:864-281-4108  fax:864-281-4576
Acquion, Inc.  Greenville, SC  USA -- Specialists in Electronic Commerce

