News

Intel, Others Embrace IPSec

• By Scott Bekker
• 09/15/1999

The technology in the middle is IPSec, an Internet standard that has gone through several phases. Although IPSec has been in existence for some time, it has not been implemented as greatly as it will be by Intel. Joining the silicon giant in the announcement were Microsoft Corp., Compaq Computer Corp. and Entrust Technologies (www.entrust.com). IBM Corp. was also part of the announcement but hurricane Floyd kept company representatives from attending the event.

In his keynote address and later in a press briefing, Mark Christensen, vice president and general manager of Intel’s network business group, spoke about giving businesses the opportunity to provide more secure networks without sacrificing speed. The companies behind the effort believe native IPSec support in their respective technologies is the key.

"Applications need to perform well, even when using the best security possible," said Ron Curry, lead product manager for Windows 2000 networking at Microsoft. "IPSec is a critical function because it uses strong technology such DES and triple DES [encryption]."

Windows 2000, and more importantly Active Directory, will include native support for IPSec. Curry says by doing this, Active Directory can be used to implement both policy and trust in a network. He also commented that adding these technologies are productive to the Microsoft bottom line. "Networking is going to be a compelling reason to go to Windows 2000 [as are other] things not back ported to 9.x," he explained.

Greg Lang, vice president and general manager of the network interface division at Intel, says the reason his company looked to using the Windows platform was because Microsoft was already in the development stage for IPSec. He also stressed, however, that this technology will be available, even if clients are not using Windows 2000. In a remote access situation Point-to-Point Tunneling Protocol (PPTP) will be used until the client gets to the network. Level 2 Tunneling Protocol (L2TP) would then be the security agent once the client is inside.

Intel will be delivering several network chipsets that accelerate encryption with native IPSec support and are optimized for Windows 2000 so there is an off-load on authentication.

Compaq and IBM’s part in the announcement is providing desktop solutions that will incorporate this technology. Ray Frigo, vice president of solutions and strategies for commercial desktops at Compaq, said trust in the network starts with the client. The three security measures that can be implemented are password, smartcard and biometrics. Currently, Compaq offers all of these services with IPSec support.

Finally, Entrust will be providing the credentials, or digital certificates, to users that will allow single sign on. The company is also forming the Intel/Entrust Interoperability Alliance to extend and enhance a more protected network environment with public certificate-based security across current and future software and hardware solutions.

Because of tight encryption all around the network, programs like packet sniffers could never read the traffic. As someone mentioned at the press briefing, that could create a dilemma for a network administrator who needs to intercept and read that data. The vendors said no technology yet exists to circumvent this problem. -- Brian Ploskina