With new security features and remote access options, Cylink Corp. is making it possible for companies to give remote laptop users safe access to VPNs even when they are traveling.
Cylink is adding a PC client to its NetHawk VPN equipment – to be named NetHawk 3.0 – enabling for the first time remote-access VPN connections to the NetHawk VPN gateway appliance. The Cylink client is also known as SafeNet, client software that is used by other VPN hardware makers such as 3Com Corp., Nokia Corp. and Cisco Systems Inc.
In the past, Cylink users had to place one of the company’s NetHawk appliances at each site that was going to connect to a VPN. Connections had to be made between NetHawk gateways. With the client installed on a Windows PC or laptop, users can dial their ISPs and establish a secure IP Security (IPSec) tunnel over the Internet to a NetHawk device at a corporate site.
Cylink is late to this game because competitors such as Cisco and Enterasys Networks Inc. already have dial-up and site-to-site VPN capabilities.
Still, the client adds flexibility to an already flexible networking option, says Paul Olin, VPN project manager at Raytheon Co. in Sudbury, Mass. He is evaluating the use of NetHawks to quickly link project teams at different Raytheon sites. The client would let team members work from home or the office with the same security and access to the same resources, he says. Also, a team administrator could use the client to access the NetHawk tunnel server remotely to add and delete users or change policies, Olin says.
In addition to the client, Cylink is adding new features to the NetHawk VPN gateway. This includes its own certificate authority to distribute digital certificates to VPN devices and its own internal Lightweight Directory Access Protocol server to set policies for VPN users.
The gear also copies the type-of-service (TOS) bits that indicate what service quality a packet should receive to the IPSec header. Without this capability, the TOS bit would be encapsulated, and routers could not read the bit to enforce service quality.
The NetHawk now also supports perfect-forward secrecy, which issues separate encyrption keys for each time Triple-DES traffic is encrypted. That way if one key is broken, the others aren’t vulnerable.
The client and new NetHawk capabilities will be available May 5. Customers get unlimited clients for free with the purchase of a NetHawk.
Customers who already own a NetHawk can upgrade their software for a fee, which has not been set, as part of their maintenance contract. The Cylink hardware needed to operate the VPN ranges in price from US$3,000 to $7,500.