NETWORK WORLD NEWSLETTER: STEVE TAYLOR AND JOANIE WEXLER ON WIDE AREA NETWORKING 11/11/04 Today's focus: The pros and cons of IPSec
Dear [EMAIL PROTECTED], In this issue: * IPSec's remote-access drawbacks * Links related to Wide Area Networking * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Cisco Systems Special Report: Bridging the Gap; Enterprise ROI IT professionals today don't indulge in the latest-greatest technology for their own sake; instead they concentrate efforts on projects that are most likely to help achieve business goals. Read about the challenges and opportunities when IT starts 'bridging the gap' and directly contributes to enterprise ROI. http://www.fattail.com/redir/redirect.asp?CID=88019 _______________________________________________________________ WHAT DO YOU KNOW ABOUT THE NEW DATA CENTER? Sign up for Network World's Data Center Newsletter in which Johna Till Johnson and the team at Nemertes Research will provide an ongoing assessment of current data center business drivers and future trends; concrete advice and guidance for IT executives seeking to consolidate data centers, improve disaster recovery, and deploy virtualization techniques. Click here to subscribe: http://www.fattail.com/redir/redirect.asp?CID=87909 _______________________________________________________________ Today's focus: The pros and cons of IPSec By Steve Taylor and Joanie Wexler There are two major types of Internet-based VPNs: IPSec VPNs and SSL VPNs. Each has significant advantages - and disadvantages - in the corporate networking environment. The greatest advantage of IPSec is its transparency to applications. Since IPSec operates at Layer 3, it has essentially no impact on the higher network layers. As implied by its name, IPSec runs at the IP layer and, as such, is indifferent as to whether application traffic is being transported using TCP or UDP protocols. Consequently, IPSec is equally as appropriate for securing real-time traffic (such as VoIP) as it is for traditional data applications. Additionally, since IPSec is usually deployed for inter-site connections, it is quite possible that the computers attached to the network at a given site may not even have IPSec capabilities running on the attached PCs. In a remote-access environment where there is no IPSec-enabled router, however, the PC must run a copy of the IPSec stack. The disadvantage to an IPSec remote-access approach is that once a computer is attached to the IPSec-based network, all of the additional devices attached to that local network might also be able to gain access across the WAN to the corporate network. So it's possible that a worm on the "kid's computer" could easily spread to shared drives on the corporate network. In other words, any vulnerabilities that exist at the IP layer in the remote network could be passed to the corporate network across the IPSec tunnel. Making sure that this doesn't happen is doable, but results in higher support costs. By contrast, SSL VPNs run at higher network layers so they don't expose network drives to remote workers, shielding the network against vulnerabilities like worms. Another IPSec disadvantage is that if you're working off-site, say, at a partner location, connecting to your own company's network is difficult if not impossible due to restrictions in most corporate firewalls. Finally, for part-time teleworkers, it is becoming difficult to use the home Internet connection for corporate network access if using an IPSec-encrypted VPN tunnel. Increasingly, ISPs consider anything IPSec-encrypted to be a "business-class" transmission. As such, they want to charge higher rates for IPSec traffic and will block IPSec traffic if the service type is not business class. Next time we'll conduct a similar evaluation of SSL. RELATED EDITORIAL LINKS Network Security Basics http://www.webtorials.com/abstracts/BackGroundersPaper3.htm >From Frame Relay to IP VPN: Why to Migrate, Why to Out-Task http://www.webtorials.com/abstracts/Cisco32.htm Managed IPSec-Based VPN Services http://www.webtorials.com/abstracts/Cisco34.htm SSL making strides against IPSec VPNs Network World, 07/26/04 http://www.nwfusion.com/news/2004/072604ssl.html Equant offers hybrid VPN service Network World ISP News Report Newsletter, 10/25/04 http://www.nwfusion.com/newsletters/isp/2004/1025isp1.html Net6 goes from remote access to collaboration Network World Fusion, 08/03/04 http://www.nwfusion.com/news/2004/0803net6.html _______________________________________________________________ To contact: Steve Taylor and Joanie Wexler Steve Taylor is President of Distributed Networking Associates and Publisher/Editor-in-Chief of Webtorials.Com. For more detailed information on most of the topics discussed in this newsletter, connect to Webtorials.Com <http://www.webtorials.com/>, the first Web site dedicated exclusively to market studies and technology tutorials in the Broadband Packet areas of Frame Relay, ATM, and IP. He can be reached at <mailto:[EMAIL PROTECTED]> Joanie Wexler is an independent networking technology writer/editor in California's Silicon Valley who has spent most of her career analyzing trends and news in the computer networking industry. She welcomes your comments on the articles published in this newsletter, as well as your ideas for future article topics. Reach her at <mailto:[EMAIL PROTECTED]>. _______________________________________________________________ This newsletter is sponsored by Cisco Systems Special Report: Bridging the Gap; Enterprise ROI IT professionals today don't indulge in the latest-greatest technology for their own sake; instead they concentrate efforts on projects that are most likely to help achieve business goals. Read about the challenges and opportunities when IT starts 'bridging the gap' and directly contributes to enterprise ROI. http://www.fattail.com/redir/redirect.asp?CID=88018 _______________________________________________________________ ARCHIVE LINKS Archive of the WAN newsletter: http://www.nwfusion.com/newsletters/frame/index.html _______________________________________________________________ FEATURED READER RESOURCE NEW! Website dedicated to Networking for Small Business now available The editors of NW Fusion and PC World have combined all their expert advice, authority, and know-how into a powerful new tool for small businesses, the new Networking for Small Business website. Get news, how-to's, product reviews, and expert advice specifically tailored to your small business needs. Find help with Security, Broadband, Networking, Hardware, Software, and Wireless & Mobile technology at: <http://www.networkingsmallbusiness.com/> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
