Check Point unveils VPN product upgrades

Microsoft, TCC and NetScreen make security announcements.

By Ellen Messmer
Network World Fusion, 7/29/98

Check Point Software Technologies this week was among several companies making security announcements. Check Point unveiled upgrades to its VPN-1 virtual private network family of products.

The upgrades include VPN-1 software for Unix or NT that supports the IETF's IP Security (IPSec) standard with Internet Key Exchange. Internet Key Exchange lets two remote users establish an encrypted IP session based on authentication using text-string "shared secrets" or X.509 digital certificates.

VPN-1 only supports the Entrust Technologies, Inc. certificates because of interoperability issues concerning certificate revocation list validation checks that still need to be resolved among digital certificate providers. Check Point does expect to add other certificate vendors, such as VeriSign, in the future. The VPN-1 software, now shipping, costs $2,495. Check Point is now also shipping VPN-1 SecuRemote for clients to set up an encrypted session with the VPN-1 server.

In addition, Check Point unveiled VPN-1 RemoteLink, the vendor's first hardware-based VPN that was developed with Nokia for high-speed IP routing. VPN-1 RemoteLink, expected to ship sometime next month, supports Ethernet, Fast Ethernet and T-1/E-1. Though pricing hasn't been officially announced, Check Point President and CEO Deborah Triant said VPN-1 RemoteLink should cost less than $3,000 per unit.

Another new product from Check Point will be the VPN-1 certificate manager, expected out in the fourth quarter. This is the certificate manager OEMed from Entrust, Triant said.

Finally, Check Point announced the VPN-1 accelerator card, jointly developed with Canadian security vendor Chrysalis, for 10M bit/sec and 100/M bit encrypted traffic. Due in the fourth quarter, the accelerator board will be available for both the Sun Solaris and Microsoft NT platforms from both vendors.

Microsoft's security doings

Working with Atlanta-based Internet Security Systems (ISS), Microsoft has identified a denial-of-service vulnerability in the Microsoft Exchange Server 5.0 and 5.5 and Microsoft's NNTP news server. The flaw would incapacitate the servers if an attacker took advantage of newly-discovered buffer overflow problems and simple 10-keystroke commands and used them maliciously.

To prevent servers from crashing, Microsoft is urging users to download a security patch from its Web site.

"We think this is a serious security issue and we urge everyone using Exchange to take advantage of this hit fix right away," said Chris Klaus, founder and chief technology officer at ISS.

TCC's frame relay security initiative

Technical Communications Corp. (TCC) is shipping a frame-relay encryption device with a management application priced at $5,600 and $20,000, respectively. The TCC frame relay encryption unit, which would typically reside between the frame-relay access device or the router and the Digital Service Unit, makes use of the Data Encryption Standard to encrypt frame-relay traffic.

NetScreen's firewall offerings

NetScreen Technologies last week began shipping two encryption-capable firewalls. The NetScreen-100 for corporate LANs has a throughput of 100M bit/sec and supports 32,000 concurrent sessions. It costs $9,995. The NetScreen-10 has a throughput of 10M bit/sec and supports as many as 16,000 users. It costs $3,995. Both encrypting firewalls include network address translation, dynamic filtering of network services and URL blocking.