

NetLOCK Secures The Enterprise
By Christopher Smith
Peer-to-peer network encryption is becoming more popular, but only a few of the offerings on the market can handle the rigorous diversity that most networks require. What good is encrypting network traffic when you have multiple, unprotected resources because of a lack of encryption support for your network's diverse operating systems? NetLOCK 1.3 from NetLock offers not only a highly manageable multiprotocol network layer encryption but also the support to handle communication among network resources.
Need to communicate via IPX, AppleTalk or IP? NetLOCK supports Apple Computer MacOS, Digital Equipment Corp. Unix, Hewlett-Packard Co. HP-UX, IBM Corp. AIX and OS/2, Microsoft DOS/Windows 3.11, Windows95, Windows NT 3.51 and 4.0, Novell NetWare, The Santa Cruz Operation SCO OpenServer and UnixWare, Silicon Graphics Irix and SunSoft Solaris 2.4/2.5 platforms.
In Network Computing's Syracuse University lab, I tested a beta of NetLOCK 1.31 on Windows95, NT 4.0 and Solaris, encrypting IP communications. I was astonished at the universality of the encryption management for large environments.
NetLOCK offers four de facto, industry-standard encryption algorithms that encrypt data at the network layer: Data Encryption Standard (DES), Triple DES, RC2 and RC4. It also includes a Hughes proprietary algorithm, called CXOR, which the vendor says is less secure but quicker and specifically designed for more traffic-intensive environments.
Keying the Locks
The NetLOCK model consists of the agent and the manager. The agent, a client resident service, handles encryption on individual nodes. Through version 2.0 of the Simple Network Management Protocol (SNMPv2), the manager lets a network administrator adjust encryption settings on any NetLOCK-protected machine on the network. The manager holds a profile for each client; even if the client is currently detached from the network, the configuration is readily available. Besides a few key pieces of security information, which safeguard against intrusive node configuration management, installation requires little configuration, saving most of the work for the management console.
All three platforms required a slightly different agent for the particular operating system. For Windows95, a VxD (virtual device driver) slides into the network adapter's protocol stack to encapsulate the incoming and outgoing traffic. The Windows NT agent worked similarly, using a separate adapter instance (which appears to be a network adapter that is bound on top of the original Ethernet adapter driver), as well as a running service. Our Solaris test machine also used a shim device to encrypt IP traffic, along with a daemon running in the background.
Additionally, each agent individually requests a digitally signed public key certificate from the manager during initial configuration, which lets the agent authenticate other NetLOCK agents when initiating communication. I configured the key's lifetime to regenerate after a set interval, making it harder to crack.

Updated August 8, 1997