Scenario
|
This company wants to ensure connections between its business-critical servers are encrypted using a VPN.
Approximate budget: Open
Requires: Four VPN network cards.
Concerns: The technical staff want to make use a solution that minimses the load on the servers' processors and is easy to manage.
Best solutions: Overall the 14 South Network IntraLock 10/1-DL wins due to its versatility and powerful feature set, while still able to retain a very user friendly installation, configuration, and administration sequence. An honourable mention however must also go to the 3Com 3CRFW102 PCMCIA Card, which although inappropriate for this purpose, is a very useful product in its own right.
Encryption standards
There are several encryption algorithms utilised by VPN vendors; the most common two are IP Security (IPSec) and Triple Data Encryption Standard or 3DES. The emerging Advanced Encryption Standard (AES) has recently been approved by the US National Institute of Science and Technology (NIST) as a replacement for DES, so AES may be popping up in more and more security products.
Interestingly, the GG-Blade from NetMaster also supports both the TwoFish and Serpent encryption protocols. Twofish, according to the Counterpane Web site is "a block cipher by Counterpane Labs. It was one of the five Advanced Encryption Standards (AES) finalists. Twofish is unpatented, and the source code is un-copyrighted and license-free; it is free for all uses." According to the University of Cambridge UK Computer Lab Web site, "Serpent is much faster than DES. Its design supports a very efficient bitslice implementation, and the current fastest version runs at over 45 Mbps on a 200MHz Pentium (compared with about 15 Mbit/sec for DES)."
It must be noted however that although both Serpent and TwoFish were contenders (coming second and third respectively), in the five encryption protocols reviewed for implementation as part of AES by NIST neither of them came first. The winner was the Rijndael protocol which is reportedly faster than--but not as secure as--Serpent.
Final Words
The cards we received for this review were all quite different, which goes to show that vendors are now really focusing on providing specific solutions for companies' problems that are very focused on specific target markets. 3Com impressed us with its PCMCIA Firewall/VPN card with its very useful mobile connection management application, which allows administrators to define multiple network environments, configurations, firewalls, and VPNs to suit their mobile/portable needs. The NetMaster GG-Blade had a perfectly versatile small-scale VPN/Firewall on a card that would be perfect for securing a small branch office WAN/LAN connection without the fuss and need for a external VPN/Firewall appliance. If you are looking for the big gun in an easy to set up, configure, and administer package, you would be very hard pressed to overlook the 14 South Network IntraLock 10/1-DL.
Subscribe now to Australian Technology & Business magazine.
