Cylink expands PrivateWire VPN reach
- By Diane Frank
- Sep 05, 1999
Cylink Corp. last week announced the new version of its PrivateWire virtual private network solution with enhancements that provide increased information security within a network while speeding up data transmission.
PrivateWire 2.0, which combines data encryption and digital signatures to create secure connections, includes three new features aimed at connecting a broader range of users on a network as well as improving network performance. Cylink has been working with its government and commercial customers to develop these features for some time, company officials said.
The new version, available Sept. 15, is a significant step for agencies that are making more information available to vendors, partners and remote employees using the Internet, analysts said. This is especially true as federal security follows the path of the rest of the federal information technology community in using commercial technology.
"As the government is trying to put more information onto Web sites, increase transactions with partners and internal employees...this is bringing more people into the network at a lower cost and with a higher level of technology than is available from traditional sources," said Matthew Kovar, senior analyst for data communications with the Yankee Group research firm, Boston.
"You are starting to see a move by the federal government to move to commercially available security products. And to reduce their costs, this is a viable alternative," Kovar said.
One new feature in PrivateWire 2.0, SecureSource, allows a server-based application to initiate a secure call or connection with a client anywhere within an agency's network. This is especially useful for help-desk or remote-control applications where an administrator accesses or takes control of a remote user, said John Marchioni, director of technical strategy at Cylink.
"It cuts down significantly on all the on-site needs," he said. "The connection, which before did not go through the secure network, is completely secure and encrypted."
Because the connection is initiated from within the central local-area network, SecureSource also ensures that the security policy used to establish this connection is one approved by central management, Marchioni said.
PrivateWire 2.0's Gateway-to-Gateway feature takes VPN technology a step beyond its usual ability to securely connect servers and clients. As its name implies, Gateway-to-Gateway creates an encrypted connection between gateways within a network, but it also authenticates the gateways using an assigned ID, or signature.
This authentication allows an agency to truly extend its "trusted" network to new office LANs or a partner's LAN, Marchioni said. Not only is the information secure, but the agency can be sure that the other networks really are who they say they are, Marchioni said.
"You could [connect gateways] before; you just couldn't trust the result," he said.
Cylink is one of the few vendors offering this feature in the commercial market, but it is a very important function for customers, analysts said.
"It's a unique characteristic that's a requirement for organizations," Kovar said. "This is especially true in the government, where they want secure access with the assurance of authentication."
Cylink's new Somersault technology also is a unique offering from the company. The technology is named Somersault because of the loop that the data takes through the TCP/IP stack. Normally, encrypted data is gradually stripped out when it comes through layers in a network. Somersault lets encrypted data flow through to a proxy at the application level. Somersault then sends information back through the network layers, following normal transmission protocol.
This means that transmission of information can be done much more quickly and efficiently, Marchioni said. Encrypted packets are large, they slow network performance significantly, and they must be split to fit through the network. Because Somersault encrypts information before it is split into packets, the packet size does not change and can be sent through the network at normal speed, Kovar said.
"They're productizing functions that they have been working on with different customers for a while now," Kovar said. "They're becoming a little more efficient in terms of being able to encrypt data in flow, rather than dealing packet to packet, and that can make a difference in transmission speed."