Since the Internet started making waves
back in the early nineties, people have been searching for ways to use this medium
to link remote locations. Each time, corporate IS would come up with the same mantra:
'The Internet is not secure'. End of story. No one can blame corporate IS for their
fears: a break-in to a corporate network can reach disastrous proportions, from loss of
data all the way to disclosure of confidential information to the competition. Naturally,
they automatically say 'no' to anything that has even the slightest risk attached to it.
However, rising communication costs are a great motivator. Corporate IS can no longer
ignore the fact that using the Internet as a communication medium has serious
advantages:
Availability: There is now
almost no place on earth where Internet connectivity is not available. This has serious
importance to an IS department that has been entrusted with rapidly connecting remote
units to each other and headquarters.
Deployability: Getting a
link to the Internet is ridiculously simple, both for dial-up (roaming users) and for
fixed circuits. There is virtually no lead time on getting an Internet connection, while
dedicated circuits can take weeks, even months, before they become available.
Cost: Communicating via
the Internet costs a fraction of what an identical dedicated link would cost. This plays
an even bigger role as the number of remote units increases.
Redundancy: Point-to-point
international leased circuits typically follow fixed paths. In the event of a failure
anywhere along this path, downtime can quickly drive the network to its knees. The
Internet, however, is designed to work around outages, making it an ideal communication
medium because of the high degree of redundancy built into the system.
IS managers are caught between the devil and the deep blue sea: communicating via the
Internet makes tremendous sense both technically and economically, but the ever-present
specter of security plays spoil-sport.
Now, however, there are options that make it possible to use the Internet, gaining all
of its benefits, without sacrificing security.
Tunnel Vision: The
technology that makes this possible is so simple, it is a wonder no one thought of it
before. In a nutshell: network packets destined for a remote location are encrypted and
then encapsulated as the payload of secondary IP packets. The 'covering' IP packets carry
no information about the internals of the originating or destination network; their only
job is to carry their payload from the exit firewall of one network, via the Internet, to
the entry-point firewall of the remote network. If anyone captures the packets, he gains
little: the data carried inside is encrypted, and the outer header shows only the two
firewalls' public addresses and the packet's size and timing, information which is in any
case needed for routing. One caveat a practitioner would add: the tunnel must authenticate
each packet as well as encrypt it, so that a packet altered in transit is detected and
dropped by the receiving firewall rather than decrypted into garbage and passed inside.
Once these packets arrive at the
destination firewall, the outer header is stripped off and the payload is decrypted. The
result is a perfectly normal packet carrying valid addresses relevant to the network
inside the firewall; for all practical purposes, it arrived via a dedicated leased line.
This process is known as 'tunneling' (because the external packets create a virtual
'tunnel' through which the real data can securely flow), and it is simple and easily
implementable. The beauty of this system is that it need not be restricted to TCP/IP
traffic (though TCP/IP is by far the most widely used transport protocol today): a tunnel
that carries whole layer-2 frames, as PPTP and L2TP do by wrapping PPP, can transport
NetBEUI, IPX and other protocols securely from one network to another. Note that IPsec in
tunnel mode wraps IP packets only, so a site that must carry non-IP protocols has to
choose its tunneling protocol accordingly.
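To make the encapsulate-and-strip process concrete, here is an added Python example (not code from the original article, and not any vendor's implementation). It models a toy site-to-site tunnel: an inner IPv4 packet between two private LAN hosts is encrypted, authenticated, and wrapped inside an outer IPv4 packet addressed between the two firewalls' public addresses. The LAN and gateway addresses, the keys, the fixed nonce size and the five-byte payload are all constructed for the example. Real tunnels negotiate keys and use a standard block cipher under IPsec ESP; the HMAC-SHA256 counter-mode keystream here is a stand-in so the example runs on the standard library alone, and the nonce-ciphertext-tag layout mirrors ESP's encrypt-then-authenticate shape without reproducing its exact header. Only ESP's IP protocol number (50) is borrowed as-is for the outer header.

```python
import hashlib
import hmac
import os
import socket
import struct

# Constructed addresses for the example: two private LANs behind two firewalls
# with public addresses. None of these values come from the article.
LAN_A_HOST, LAN_B_HOST = "10.1.0.5", "10.2.0.9"
GATEWAY_A, GATEWAY_B = "203.0.113.1", "198.51.100.7"
ESP_PROTO = 50   # the IP protocol number IPsec ESP uses, borrowed for the outer header
TAG_LEN = 16     # truncated HMAC-SHA256 tag appended to every tunnel packet
NONCE_LEN = 8    # per-packet nonce for the keystream (constructed size)


def _checksum(data: bytes) -> int:
    """Standard one's-complement IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 64) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    """Return the fields of an IPv4 packet that any router, or a wiretap, can read."""
    _, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "payload": pkt[20:total]}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for ESP's block cipher, illustration only."""
    blocks = [hmac.new(key, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(inner_pkt: bytes, enc_key: bytes, mac_key: bytes, nonce: bytes = None) -> bytes:
    """Exit firewall: encrypt the whole inner packet, tag it, wrap it in an outer IP header."""
    nonce = nonce or os.urandom(NONCE_LEN)
    ciphertext = _xor(inner_pkt, _keystream(enc_key, nonce, len(inner_pkt)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    payload = nonce + ciphertext + tag
    return ipv4_header(GATEWAY_A, GATEWAY_B, ESP_PROTO, len(payload)) + payload


def decapsulate(outer_pkt: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Entry firewall: strip the outer header, verify the tag first, then decrypt."""
    payload = parse_ipv4(outer_pkt)["payload"]
    nonce, ciphertext, tag = payload[:NONCE_LEN], payload[NONCE_LEN:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet failed authentication; dropping it")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def demo() -> dict:
    """Run one packet through the tunnel and report what each party sees."""
    enc_key, mac_key = b"k" * 32, b"m" * 32          # constructed keys; a real tunnel negotiates these
    inner = ipv4_header(LAN_A_HOST, LAN_B_HOST, 6, 5) + b"hello"   # a TCP segment stand-in
    outer = encapsulate(inner, enc_key, mac_key)
    seen = parse_ipv4(outer)                          # everything a wiretap on the Internet gets
    leaks_inner = socket.inet_aton(LAN_A_HOST) in outer or b"hello" in outer
    recovered = decapsulate(outer, enc_key, mac_key)
    tampered = bytearray(outer)                       # flip one ciphertext bit in transit
    tampered[30] ^= 0x01
    try:
        decapsulate(bytes(tampered), enc_key, mac_key)
        rejected = False
    except ValueError:
        rejected = True
    return {"outer_src": seen["src"], "outer_dst": seen["dst"], "outer_proto": seen["proto"],
            "leaks_inner": leaks_inner, "recovered": recovered == inner, "tamper_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The point of `demo()` is the contrast the article draws: `parse_ipv4(outer)` yields only the two gateway addresses, protocol 50 and a length, while the inner 10.x addresses and payload never appear in the clear, and the receiving firewall refuses a packet that was modified on the way because the tag check runs before any decryption.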
The bottom line is that, in effect, the
Internet simply acts as a low-cost, high-redundancy, yet secure private network: an IS
manager's dream come true.
War Of The Standards
Once the concept became clear, it was a matter of time before various companies began
pushing their solutions, based on their own proposed standards. Microsoft and Cisco were
quickly off the blocks, with Sun following close behind.
Luckily for the consumer, the Internet
Engineering Task Force (IETF) stepped in and chose to regulate the issue, so vendors
(whether they like it or not) are forced to work toward interoperable standards. We are
not quite there yet, but Microsoft's Point-to-Point Tunneling Protocol (PPTP), the IETF's
IPSEC work (which Sun has backed) and Cisco's Layer 2 Forwarding (L2F) are heading for
convergence: PPTP and L2F are being merged into the Layer 2 Tunneling Protocol (L2TP), and
Microsoft and Cisco's products already talk to each other.
This is an important factor as these two
vendors enjoy wide corporate acceptance. Both Windows NT 4.0 and Cisco routers running IOS
11.3 or later support tunneling, and Microsoft has also released PPTP client software for
Windows 95, making it possible for roaming users to dial into the Internet and connect to
their home networks securely.
VPN still faces resistance from some
people, but it has become clear to just about everybody that widespread corporate
acceptance is not far away. Corporate profitability and performance are so heavily
dependent on effective communication that there will never be a slowdown in the build-up
of communication infrastructure. However, mounting costs define the feasibility of a
communication project, and with VPN technology being economical and secure, it is (pardon
the pun) the light at the end of the tunnel.