Joseph (Joe) L. Moll wrote:
>I am in the middle of a design that will require a Firewall product that
>will also serve as a end node to a VPN.
Check out NSC's Borderguard and Security Router (depending on the
performance you require). Each of these boxes support an application known
as Data Privacy Facility (DPF). DPF contains software for building VPNs
including encryption (DES, 3-DES, IDEA, and NSC1which is exportable), RSA
authentication between devices, MD5 for Digital Signatures, Replay
prevention, and even data compression to get more out of the links.
If you are setting up a true VPN (where only trusted sites or members can
communicate over the VP network, even though you may be using a public
network infrastructure, like the Internet) then the authentication
capabilities of the RSA algorithms provide an effective firewall - no need
for packet filtering or proxies to protect your network against outsiders!
If you want non-trusted members to have access to portions of the network,
or devices on the inside of the VPN, then you can use NSC's Packet Control
Facility which provides access layer filtering capabilities and is included
with the Borderguard and Security Router. If you want to enhance a specific
site's security with proxy type applications, you can place your favourite
proxy based firewall behind the Borderguard or Security Router at only those
sites needing this kind of protection.
Finally, if you wish to audit the security of your VPN, you can implement
NSC's NetStalker product which is a host based, real-time monitoring
application that watches the audit output of Borderguard and Security Router
and gives real time alarming and even responses (dynamic filter changes,
network reconfiguration etc.) to detected intrusion attempts. And oh yea,
it provides real nice reporting capabilities to show your management how
safe your network is.
You can find more information on these products on the Network Systems home
Hope this helps!
- Greg Brennan
Network Systems Corp.
Subject: VPN's over the internet
Date: February 26, 1996 05:41PM
I am in the middle of a design that will require a Firewall product that
will also serve as a end node to a VPN.
I would appreciate any input from folks that have actually implemented this
Joseph (Joe) L. Moll mailto:jmoll @
http://www.acquion.com phone:864-281-4108 fax:864-281-4576
Acquion, Inc. Greenville, SC USA -- Specialists in Electronic Commerce