More security to pass around

Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

More security to pass around
By Tim Clark
Staff Writer, CNET NEWS.COM
January 19, 1998, 2:10 p.m. PT

update Virtual private network firm Aventail has unveiled two interoperability programs so that users can create VPNs when they use security products from different vendors.

Aventail's two partner programs use application programming interfaces (APIs) based on SOCKS v5, an Internet Engineering Task Force (IETF) standard that Gartner Group research analyst Jude O'Reilley calls "the basic technology that makes virtual private networks possible."

Aventail, calling itself a "policy-based" VPN company, also announced it's shipping version 2.6 of its flagship VPN software for virtual private networks. The new version adds support for digital certificates and security tokens as ways to verify the identities of users.

Virtual private networks involve sending data across the public Internet through an encrypted "tunnel" so outsiders can't read it. Aventail's software also controls access to the data by individuals at either end of the tunnel using security token cards, smart cards, X.509 digital certificates, or biometric authentication.

"We believe Aventail's approach will simplify highly-secure VPN deployments," Chris Christiansen, program director for Internet security for International Data Corporation, said in a statement.

"VPN technology relies on being integrated as much as it possibly can with other aspects of security," said Gartner's O'Reilley. Most Internet security products are built as standalone technology that require end users to act as systems integrators to make the products work together, he noted.

"Any time a suite of products requires that kind of integration, it makes it difficult for the market to get beyond the early adopter, early implementer stage," O'Reilley said, adding that Aventail's announcement moves in it the right direction.

Aventail's two partnering programs are designed to create a single framework for building secure VPNs using security products from different vendors. Aventail Secured members include IBM, Helius, and NetManage, which have integrated Aventail VPN or Aventail AutoSOCKS into their products.

Participants in Aventail Certified will be tested to interoperate or integrate with Aventail VPN. They include certificate authorities Entrust Technologies, GTE CyberTrust, VeriSign, and Thawte.

Others with products joining Aventail Certified include Axent Technologies, Blockade, Consensus, CryptoCard, DataChannel, Frontier Technologies, Funk Software, iPass, LanOptics, LeeMah Datacommunications, Microsoft, OpenConnect, Secure Computing, Security Dynamics, and Vasco.

The API for Aventail's program is based on SOCKS v5, the IETF standard for authenticated firewall traversal (AFT), which is publicly available from Aventail or NEC USA. The SOCKS API allows vendors to easily interoperate or integrate their authentication and encryption methods, management tools, and content or data filtering technologies with Aventail VPN.

Aventail VPN works with firewalls from Check Point, Raptor, and Trusted Information Systems. It also supports tunneling protocols including Cisco Systems' Layer Two Forwarding (L2F) and Microsoft's Point to Point Tunneling Protocol (PPTP).

Aventail VPN bundles client and server software for $7,995. The server is now available on Windows NT, Solaris, AIX, BSD/OS, Linux, HP/UX, and Digital Unix. The client supports all kinds of Windows, AIX, Linux, HP/UX, and Digital Unix.