
Encryption standards for VPNs

We have recently formed a partnership with a provider of managed VPN services. It is our hope to provide the most cost-effective and secure solution for our clients.

We are aware that the new Web-based access is growing in popularity. But although the providers sport the fact that they use triple-DES or 128-bit encryption, what is your opinion of the true network security issues?

If Triple-DES or 128-bit encryption was so secure, why has ARINC of Annapolis recently developed a high-speed higher encryption standard?

Great questions. First, the real issues between SSL-based and IPSec-based remote access have nothing to do with the encryption standards, but with authentication and control. Encryption provides confidentiality and keeps transmissions private from end-point to end-point. SSL and IPSec both provide the same level of security here. But IPSec excels in authentication and control.

The good news about SSL-based VPN is that one doesn't need special purpose client software and can get to the network from virtually any device. Of course, this is bad news on the security front. I need to pay special attention to user authentication since the device is not locked down, and I need to beware of new attacks such as retrieving data from a web cache or programs that capture keystrokes. I also need to make sure, using techniques like timeouts, that an employee retrieving corporate data from an airport kiosk doesn't walk away with the session active. One other caveat about SSL is that it doesn't support ALL IP applications; IPSec does.

Regarding encryption standards, we're always looking for stronger methods and they will continue to change as processors become more powerful. The availability of new encryption methods doesn't necessarily mean that the older ones are no good. It's just the nature of the game. Although most vendors implement 168-bit 3DES, IPSec has no specific encryption standard and can accommodate new ones as they become available.

This was last published in March 2003
