IPsec's longevity is about more than IPv6

By Nicholas Greene

We already know that IPsec is here to stay, especially since it’s such an integral part of IPv6. So, how did IPv6 become so ingrained with IPsec? Why was IPsec developed in conjunction with IPv6, and how did it get to where it is today? To answer these questions, let’s quickly revisit the origins of IPsec.

Let’s go back to the 1990s, when (as most people think) IPv6 was first being developed because of IP address exhaustion. But in reality, along with the address exhaustion, something else was abundantly clear to the Internet Engineering Task Force (IETF). During its inception, the Internet was a relatively private technology. Truth be told, I don’t think the original technology was ever intended to become the public platform that it is today. And as most people involved with networking will tell you, security for a private network is a very different beast from public network security. A public security remedy is what the IETF ultimately realized was lacking as the Internet became increasingly public.

“The obvious need for securing content at layer three [the ‘network’ layer of the seven-layer OSI networking model] was what spurred the development of IPsec,” said Paul Hoffman, head of the VPN Consortium. “There is security for each protocol at each layer, and IPsec is for that IP.”

See, as the Internet grew, a number of applications and protocols began to appear that SSL wasn’t really equipped or designed to deal with. Essentially, SSL at the time wasn’t well suited for public networks. There were two reasons for this. The first one: SSL was — and...

What Annoys You About Remote Access? Part 2

As part of an ongoing series, VPN Haus is asking average users about their frustrations with remote access. Most people we speak to attest that remote access has offered remarkable flexibility that simply wasn’t possible before. But as remote access has become more ubiquitous, so have confusion and annoyance.

“You can use SSL which is much simpler to manage and more bandwidth friendly. It is also easier on the end user. They don’t need to remember to connect the VPN first,” says Justin Fox, an IT administrator for a small business.

We completely sympathize with Fox’s vexation – but SSL isn’t necessarily a catch-all. SSL is fine for intermittent remote access, but for those who need to connect remotely regularly, SSL is, well, hopelessly underwhelming. So, what’s this newer, faster, better alternative to SSL? IPsec VPN. Yes, you read that right. There’s a new crop of VPN options that are redefining the very idea of “ease of use.” Case in point, Die Mobiliar*, the oldest private Swiss insurance company, recently updated its VPN solution. Understandably, the company was worried about usability for its end-users – but ultimately, it found a remote access technology with a simple, graphical user interface for end-users and one-click central management for the IT department. Who says you can’t please everyone?

Readers, what are your thoughts on the new generation of VPN solutions?

*Full disclosure, Die Mobiliar is an NCP...

Internal Security Policy and the “Wild” Web 2.0 Frontier

By David Torre, Guest Contributor

Internal information security policies have existed within the enterprise since the dawn of the information technology era. Viewed by many as a necessary evil and simply a check box compliance item, the overall value of a well-written internal security policy has become, perhaps ironically, now more important than ever in a world saturated with digital information. Traditionally, internal policies were developed to demonstrate an organization’s commitment to information security, and to provide clear and consistent computing guidelines by which all employees must abide. Even today, such time-honored objectives still remain relevant. Yet as mobile and cloud computing continue to shape the information technology landscape, it has become increasingly difficult for information-wielding knowledge workers to protect the organization’s most cherished asset: intellectual property.

As if protecting trade secrets from peering outsiders weren’t challenging enough, security professionals are also faced with threats that originate from within the enterprise. While tales of malicious insiders or corporate espionage make for intriguing conversation, most of us working from the trenches have discovered that perhaps the most significant risk to the organization is that of the naive end-user; one who cannot easily discern between safe and unsafe information handling practices. Consequently, this presents a dilemma of where to draw the line of acceptable levels of security aptitude. Take for example a cloud-based solution which is blatantly advertised as being “enterprise-friendly,” or a consumer smart phone that ships with a “Connect to Exchange Mail Server” icon on the home screen. It’s easy to see how users may become perplexed when attempting to determine where the corporate IT boundary ends, and...

What We’re Reading, Week of 5/17

Insecure about Security… The Future of Endpoint Security

In this post, analyst Jon Oltsik gives us his take on the future of endpoint security. Some experts believe that AntiVirus is dead and that there is a pressing need for new models, such as cloud security services, white listing, black listing, virtual desktops, etc. Oltsik disagrees, and thinks that endpoint security will undergo massive changes to address new threats and requirements. Check out Oltsik’s post to see how he envisions endpoint security in the future.

Accuvant Insight… Perimeter Security – A Far Flung Fantasy?

Chris Morales, solutions engineer for Accuvant LABS, discusses the complications of managing security for an IT infrastructure, particularly now in our mobile environment. He was approached by a client and was asked what it means to lose the workstation, to leave workers to their own devices, to place the users on the outside of the ‘kingdom’—what are the security risks? What are the security savings? Chris ponders these points in his post.

Education Research Report Blog… Teachers’ Use of Educational Technology in U.S. Public Schools: 2009

Jonathan Kantrowitz summarizes some of the data from the May 2010 report, Teachers’ Use of Educational Technology in U.S. Public Schools: 2009. He shares with us that teachers indicated that a system on the school or district network was available for entering or viewing grades (94 percent), attendance records (93 percent) and student assessment results (90 percent). Of the teachers with these systems available, the percent using it sometimes or often was 92 percent for grades, 90 percent for attendance records and 75 percent for student...
