By Kurt Seifried, email@example.com, Copyright Kurt Seifried
With sensitive data moving across public networks some form of encryption is needed to protect the data, provide authentication, and prevent spoofing/etc. The emerging standard for this problem is IPSec (IP Security), which has broad industry support and a recognized set of RFC's laying down the rules. Unfortunately one of the major areas of IPSec is key management, and this is one area where many vendors have trouble interoperating, so if you are considering a hetrogenous network do plenty of testing beforehand. The good news is most vendors support IPSec, many "out of the box", and there are numerous free to cheap clients for Windows 95/98/NT (2000 has built in support).
The first decision needed when implementing IPSec is to decide what traffic you want to encrypt. Will you simply be using IPSec to connect various LAN's across the Internet securely (gateway to gateway), will dial-up and other remote users be connecting into the corporate LAN (client to gateway), or will all traffic be encrypted (client to client)? For servers and gateways you should definately consider buying hardware accelerators, there are also several new ethernet cards on the market (like this one from Intel) that have built in hardware to handle the encryption, and driver support under several operating systems.
|Linux||FreeS/WAN||here||GPL||Some vendors ship, most do not|
|OpenBSD||IPSec||http://www.openbsd.org/||BSD||Ships with OpenBSD|
|NetBSD||KAME||http://www.kame.net/||BSD-like AS-IS||Ships with NetBSD|
|FreeBSD||KAME||http://www.kame.net/||BSD-like AS-IS||Ships with FreeBSD|
|Solaris 8.0||IPSec||http://www.sun.com/||Commercial||Ships with Solaris 8.0|
|Windows 95 / 98 / NT||PGP VPN Client||here||Commercial|
|PGP Freeware||here||Commercial, free for personal, non-commercial use|
|PGP International||here||Commercial, free for personal, non-commercial use|
|Windows 2000||IPSec||http://www.microsoft.com/||Commercial||Ships with Windows 2000|
[ Back | TOC | Forwards]