Date:      Fri, 24 Nov 1995 10:44:06 -0600
From:      Randy Berndt <rberndt@nething.com>
To:        "Jordan K. Hubbard" <jkh@time.cdrom.com>, security@FreeBSD.ORG
Subject:   Re: I wonder how much trouble something like this would be to do? :)
Message-ID:  <199511241644.KAA26846@kilgour.nething.com>

Wow, only $3,600 for the PC version. I wonder if DEC has looked on
the ftp site: ftp.cs.hut.fi:/pub/ssh for the ssh program, which does
much the same thing for telnet, rlogin type stuff for FREE.



At 06:40 AM 11/24/95 -0800, Jordan K. Hubbard wrote:
>Someone sent me this.  It sounds like "one of those really simple
>engineering ideas that marketing got ahold of and hyped the heck
>outta" but still - I can think of more than a few MIS managers who'd
>just eat this up.
>
>					Jordan
>----
>UG565-07 DEC's SECURE INTERNET ROUTE
>         
>Tunneling - transporting data from one point to another 
>encapsulated in wrapper packets - is a networking technique 
>that's been around for some years. Claiming to have its neck 
>ahead of the pack, Digital Equipment Corp says its Internet 
>Tunnel has extended this capability to provide encryption and 
>authentication technologies for the Internet enabling corporate 
>data to be transmitted securely over the net (UX No 562). Digital 
>Internet Tunnel uses a regular Internet Protocol (IP) jacket, 
>encrypted and encapsulated inside a TCP/IP packet. The source and 
>destination IP applications work as normal, but data on the 
>network between the two tunnel servers appears scrambled. When a 
>client wants to initiate a connection with an Internet Group 
>Tunnel server, a connection request is sent over the network. The 
>connection request message contains an identification message 
>that is encrypted by the client with the server's public key, and 
>then decrypted by the server with its own private key. The 
>server's database contains a list of clients that are authorised 
>to establish tunnels. If and when the request has been granted, 
>the tunnel server sends a response encrypted using the client's 
>public key, which is then decrypted by the client using its 
>private key. After the authentication session, the two parties 
>exchange portions of a session key, which is then combined to 
>form a secret session key. DEC uses the encryption technology, 
>devised by Rivest, Shamir and Adleman, known as RSA. Versions 
>for the US and Canada use a 128-bit RC4 key, international 
>versions (because of US government restrictions) a 40-bit version 
>only. The session key is changed periodically to enhance 
>security. The tunnel comes in two flavours, the Group tunnel and 
>the Personal tunnel. The Group tunnel software runs on Digital 
>Unix, with a SLIP (Serial Line Internet Protocol), PPP (Point to 
>Point protocol), Ethernet or FDDI (Fibre distributed data 
>interface) connection. It manages the construction and operation 
>of tunnels from other tunnel servers. Performance is based on 
>system configuration and end-to-end network throughput; DEC 
>claims to support up to 512 tunnel connections. The 
>authentication key generation and management software is included 
>with the Tunnel product. Personal Tunnel software installed on a 
>PC must have Windows 95 TCP/IP software active, connected to a 
>network with connectivity and using a valid IP address for the 
>local subnet. Personal Tunnel includes a Win32 Windows-based 
>application to enable the request, operation and management of an 
>encrypted tunnel. The Internet Tunnel is meant to complement 
>firewall products, and unlike other tunnel products is said to be 
>firewall-independent. DEC reckons its tunneling technology 
>differs from router and firewall vendors because it offers 
>connections from home or mobiles to the corporate network, 
>whereas routers only provide a single private data circuit and do 
>not support end to end or trans-Internet privacy. Firewall 
>tunneling products require the use of their tunnels at both ends, 
>since interoperability standards don't exist, says the company. 
>DEC says its approach also wins out over Netscape's SSL (Secure 
>Socket layer) protocol, which also uses RSA encryption, because 
>it's used at a different level of the IP stack. SSL encrypts 
>information for applications, while tunnels establish a link for 
>all connections between two networks. With Netscape applications 
>the need to encrypt a specific session, such as Web browsers, 
>Telnet or FTP must be modified to enable the request for an 
>encrypted link. In contrast, Digital Internet tunnel applications 
>are not modified, it says, and all the traffic between the 
>tunnels is encrypted. The international version is due next 
>month. Prices start at $10,000 on Digital Unix and comes with 
>DEC's own Firewall Unix, $3,600 on PCs.
>

Randy Berndt <rberndt@nething.com>
----------------------------------
AOS/VS, FreeBSD, DOS:
I'm caught in a maze of twisty little command interpreters, all different.
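
The handshake described in the quoted DEC announcement, sketched as an added example that is not part of the original messages and is not DEC's code: identification sealed to the server's public key, a lookup in the server's list of authorised clients, a reply sealed to the client's public key, then two key portions combined into the RC4 session key. Assumptions: textbook RSA over small Mersenne primes stands in for real RSA, the portions are combined by concatenation, and the names `seal`, `unseal`, `handshake`, `AUTHORISED` and the `GRANTED` reply are hypothetical.

```python
# Added illustration: textbook RSA over small Mersenne primes and a
# hand-written RC4, stdlib only. Neither is secure; sizes and wire format
# are assumptions, not DEC's.
import os

def rsa_keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def seal(pub, msg):
    # A 0x01 prefix keeps leading zero bytes through the int conversion.
    m = int.from_bytes(b"\x01" + msg, "big")
    if m >= pub[0]:
        raise ValueError("message too long for toy modulus")
    return pow(m, pub[1], pub[0])

def unseal(priv, ct):
    m = pow(ct, priv[1], priv[0])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

def rc4(key, data):
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:                             # keystream XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

SERVER_PUB, SERVER_PRIV = rsa_keypair(2**89 - 1, 2**107 - 1)
CLIENT_PUB, CLIENT_PRIV = rsa_keypair(2**61 - 1, 2**127 - 1)
AUTHORISED = {b"client-17": CLIENT_PUB}        # constructed client database

def handshake(client_id, client_priv, key_bytes=16):
    """Return (client_key, server_key), or None if the tunnel is refused."""
    ident = unseal(SERVER_PRIV, seal(SERVER_PUB, client_id))   # request
    registered = AUTHORISED.get(ident)
    if registered is None:
        return None                            # not in the server's list
    if unseal(client_priv, seal(registered, b"GRANTED")) != b"GRANTED":
        return None                            # client lacks the private key
    c_half = os.urandom(key_bytes // 2)
    s_half = os.urandom(key_bytes - key_bytes // 2)
    at_server = unseal(SERVER_PRIV, seal(SERVER_PUB, c_half))
    at_client = unseal(client_priv, seal(registered, s_half))
    return c_half + at_client, at_server + s_half
```

Calling `handshake(b"client-17", CLIENT_PRIV, key_bytes=5)` yields the 40-bit key length the announcement gives for international versions; the default is the 128-bit length.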



