Embed Size (px)
Citation preview
17In
fosecu
rity Tod
aySeptem
ber/October 2005
ic
sa
l
ab
s
IPSec bake off in San José Mark Zimmerman, Program Manager, ICSA Labs
This technology was originally speccedin the mid to late 1990s and imple-
mented early in the automotive industry.
It is now coming out with a new up-dated revision. Foremost of the capabili-ties in this new technology is theInternet Key Exchange Version 2, orIKEv2, which allows a VPN device tocreate secure encrypted tunnels that areable to transport information across non-secure data paths, while keeping thecontent safe from prying eyes.
This technology became a boon in thelate 1990s for any organization with geo-graphically separated offices needing tolink their computer networks, and wasan affordable alternative to the premiumprice of leased lines.With an increasedfocus on identity theft worldwide, thedrive to assure data integrity keeps thistechnology in the procurement cycles ofmany corporations.
Needless complicationIt has been long said that until any infor-mation security technology becomesseamless to the user it will not reach itsfull market potential. More specifically,current IPsec technology has long beencriticized as being gratuitously compli-cated. It is very difficult to implementdisparate vendor VPN products.
Corporations dealing with mergersand acquisitions found it difficult to in-corporate multiple vendor solutions.Andso, the Internet Engineering Task Force(IETF) took up the task of remedyingthese issues, and has vetted 17 revisionsof technical drafts that are in the finalstages of review before becoming aTechnical Standard.
The bake-offIn an effort to avoid the teething painsexperienced with the first go-around ofIPsec VPN products, ICSA Labs is hostingmultiple IPsec VPN InteroperabilityWorkshops where vendors can bringtheir IKEv2 based beta products out offof their R&D benches and test themagainst peers.
ICSA Labs started interoperability test-ing in 1998 and has conducted manythousands of interoperability certifica-tion tests.The VPN InteroperabilityWorkshops have become a tool for ICSALabs to use in providing solution imple-menters with an in-depth knowledge ofthe virtues of IPsec technology
The first such event was held inFebruary of 2005 in Silicon Valley — inSan Jose, California. Many of the vendorsjust unplugged their products from theirdevelopment labs and drove down the
101 to an itinerant ICSA Labs IPsec testlab, where they were able to set up andtest functionality and interoperabilityagainst their competitors’ products for aweek.Twenty four hour security was setup at the event to avoid any instances ofindustrial espionage; after all, the prod-ucts resting on cheap folding tables in aHotel Ballroom represented millions ofdollars in R&D spending.
CollaborationSome products were in effect ready toship to the customer while others wereclearly in the earlier stages of productdevelopment and not ready for primetime.All who attended benefited greatlyfrom the experience of being able to in-teract, communicate, and discuss theirproducts and the new underlying tech-nology. In fact it was so much of a suc-cess that planning for the next work-shop began immediately and is sched-uled to be held in Toronto Canada theweek of 19 September 2005. It was de-cided that the workshop would takeplace outside of the United States to as-sist international vendors with travel re-strictions.
Tests for the workshops are broken upinto three sets — the first dealing withbasic functionality, the second with se-cure tunnel maintenance, and the thirddealing with extended functions, such asauthentication using digital certificatesand the intricacies of communicating be-hind devices serving as network addresstranslators or NAT devices.
In the first workshop most vendorsconcentrated on and were successfulwithin the first test set, however, muchprogress has been made throughout thesummer and will yield more comprehen-sive test results in the area of re-keyingand the use of extended functions.
For information regarding the Toronto
IPSec bakeoff on 19 September 2005, see
https://www.icsalabs.com/icsa/docs/html
/communities/ipsec/bakeoff/Registration
_2.html.
The world of IPsec Virtual Private Networks (VPNs) has come to a crossroads.
Hundred of millions of dollars of R&D in a hotel ballroom
