The following products are able to encrypt network traffic based on
source/destination address. Some are also able to encrypt based on the
type of network service (port). As a result, sites could create a Virtual
Private Network on the Internet. I will post more details on my survey
soon to this list. I just want to know if there are other commercially
available products that provide similar functionality. Note that one would
need two boxes in order to provide for site-to-site encryption over the

ANS InterLock Service
- Supports optional DES software.
Milkyway Black Hole
- Supports modified (proprietary) DES algorithm (DES++).
- Software solution (part of Cisco operating system) later this
calendar year, hardware board to follow.
- Supports DES and cXOR.
- Available later this calendar year.
- Supports software DES.
Network Systems Corp. (NSC)
- Security Router offers encryption using IDEA, DES, Triple DES,
and high speed proprietary algorithms.
Morningstar EXPRESS Router
- Supports DES.
Motorola Network Encryption System (NES)
- Will be offering DES encryption package.
- Network Encryption Unit (NEU), supports DES.
- Publicly available.
TIS Gauntlet 3.0
- Supports software DES option and hardware DES board.
Includes resellers of Gauntlet.
- Combination of hardware and software DES.

Date: Wed, 1 Mar 95 09:24:56 EST
To: firewalls @
From: mckenney @ org (Brian W. McKenney)
Subject: Firewall-to-Firewall Encryption
Cc: mckenney @

I am looking for information on commercial off-the-shelf (COTS) encryption
products that can be used to provide firewall-to-firewall encryption
(node-to-node). The device would encrypt based on source/destination
address and if possible by network service (port).

One of our customers has a network of firewalls and they would like to
protect their network traffic over the Internet (firewall-to-firewall) but
still be able to communicate with the outside world. The firewall
configuration is the same at each of the nodes. At the present time, a
user must go through a challenge/response sequence at each firewall. The
customer is exploring security technologies that could eliminate the need
for a challenge/response dialogue at each firewall.

Inbound connections (e.g., TELNET, FTP, dial-in) from a user that is not
behind a node firewall would still be required to go through a
challenge/response dialogue (strong authentication) at the firewall.

Brian W. McKenney Mail Stop: Z-202
The MITRE Corporation 7525 Colshire Drive
McLean, VA 22102
Voice: 703-883-5463 Fax: 703-883-1397
E-Mail: mckenney @