AltaVista Tunnel - Technical Issues (Specific)

What components are actually needed to replace a private WAN?
Does AltaVista Tunnel ensure the integrity of data packets passed via the Internet?
Can the Tunnel deal with dynamically-assigned IP addresses?
Will the AltaVista Tunnel Personal Edition still work if it has to cross a local firewall before entering the Internet?
When using an AltaVista Tunnel Personal Edition connection from one network to a trusted network, is any routing information exchanged between the two networks?
Is S/WAN an IPSec implementation on IPv4?
Can I restrict the access of LANs and PCs coming into my trusted network via Tunnels?
Since my AltaVista Tunnel Personal Edition has a tunnel set-up menu, can I access other systems on the Internet? If so, will I pass those packets through my trusted network first?
Can the AltaVista Tunnel products be used to communicate from the U.S. to other countries?
Can an AltaVista Tunnel Workgroup server act as a router between multiple tunnels?
How is the public key managed? Does it use the SKIP, Photuris, or ISAKMP protocols? Does the product require working with any existing certification authority (CA)?

Q: What components are actually needed to replace a private WAN?
A: In addition to two AltaVista Tunnel Group Editions, a connection to the Internet from each LAN is required. This normally requires a router and a data circuit to an Internet Service Provider (ISP). This replaces the leased lines and associated costs.

Q: Does AltaVista Tunnel ensure the integrity of data packets passed via the Internet?
A: The tunnel uses RSA's powerful MD5 technology to automatically and transparently perform a cryptographic integrity check on each data packet, to ensure the data has not been tampered with during transmission.

Q: Can the Tunnel deal with dynamically-assigned IP addresses?
A: Yes. AltaVista Tunnel employs user-based authentication to offer total mobility and location independence to mobile workers. It's ready to go anywhere you go! That's because AltaVista Tunnel works with dynamically assigned IP addresses, and authenticates users. This means you are free to roam - use any ISP (Internet Service Provider) to get OnSite from anywhere on the road, any time of the day or night, and be assured of a secure connection via the Internet.

Q: Will the AltaVista Tunnel Personal Edition still work if it has to cross a local firewall before entering the Internet?
A: Yes, AltaVista Tunnel's design and easy-to-use graphic interface simplify this task by providing a setup parameter, where you can simply specify the outgoing firewall's address. In some cases, the policy of the local network may have to be modified to allow tunnel traffic to exit that local network. Firewalls based on packet filtering or circuit filtering technology only need to enable the rule to let the traffic pass. If the firewall uses non-transparent application proxy technology, the tunnel client must address the local firewall first, then the remote firewall.

Q: When using an AltaVista Tunnel Personal Edition connection from one network to a trusted network, is any routing information exchanged between the two networks?
A: No. The Personal Edition will have two IP addresses. One will be based on the network that a PC using Windows 95 or Windows NT is directly connected to, and the other will be a virtual address assigned by the Tunnel Workgroup Edition. No routing is enabled in the PC, which would provide a back door for others on the PC's connected LAN into the virtual trusted LAN.

Q: Is S/WAN an IPSec implementation on IPv4?
A: Yes. We are following S/WAN very closely, and the AltaVista Tunnel Products will have full support for it in the next major release. The AltaVista Tunnel will also continue to support its current tunnel protocol, which the Internet Engineering Task Force has asked us to submit as a proposed Internet security standard.

Q: Can I restrict the access of LANs and PCs coming into my trusted network via tunnels?
A: When AltaVista Tunnels reside on a UNIX platform, the network administrator can use the screen program to filter packets to enforce access policies on tunneled systems. The systems accessing the trusted network via a tunnel can be restricted to accessing a single system, a specific subnet or group of subnets, or can have wide open access.

Q: Since my AltaVista Tunnel Personal Edition has a tunnel set-up menu, can I access other systems on the Internet? If so, will I pass those packets through my trusted network first?
A: PCs using the AltaVista Tunnel software can access policy-permitted hosts inside the trusted network as well as hosts on the rest of the Internet. Packets not addressed to hosts inside the trusted network will not be sent over the tunnel and through the trusted network, but will use normal routing through the ISP to get to the destination.

Q: Can the AltaVista Tunnel products be used to communicate from the U.S. to other countries?
A: Yes. Encrypted tunnels can be established internationally. Many countries allow the 40-bit RC4 key to be used within their borders, and the U.S. government allows the use of the 40-bit RC4 key from the U.S. to other countries. Some countries prohibit or regulate use of encryption technology within their borders. Some country requirements may be met by a product option to disable the encryption and only use the authentication and integrity feature.

Q: Can an AltaVista Tunnel Workgroup server act as a router between multiple tunnels?
A: Yes. The typical case would be a facility that is part of a VPN using the AltaVista Tunnel Workgroup Edition, that also wants to support AltaVista Tunnel Personal Edition users. The same AltaVista Tunnel Workgroup Edition supports other AltaVista Group Tunnels and AltaVista Personal Tunnels at the same time.

Q: How is the public key managed? Does it use the SKIP, Photuris, or ISAKMP protocols? Does the product require working with any existing certification authority (CA)?
A: Key-generation software is included with the AltaVista Tunnel Workgroup Edition. The keys are based on licensed RSA technology. The key pairs are delivered to remote tunnel clients by a distribution method established by a company's security policy, and keys are stored in encrypted form on the tunnel clients and servers. The AltaVista Tunnel will also use the key management protocol that S/WAN adopts. The certificate authority support will be included in a future release.
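
Added example (not part of the original FAQ and not AltaVista code): a small model of the packet decisions described in the answers on routing, access restriction and Internet access above, namely no forwarding in the PC, trusted-network destinations only over the tunnel, and a per-tunnel access policy at the server. The network ranges, tunnel names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (private / documentation ranges), not from the FAQ.
TRUSTED = [ipaddress.ip_network("10.20.0.0/16")]

# Hypothetical per-tunnel policies mirroring the three levels the FAQ names:
# a single system, a group of subnets, or wide-open access.
POLICY = {
    "personal-01": [ipaddress.ip_network("10.20.5.10/32")],
    "branch-lan": [ipaddress.ip_network("10.20.5.0/24"),
                   ipaddress.ip_network("10.20.8.0/24")],
    "admin-pc": TRUSTED,
}


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def client_path(dst, locally_originated=True):
    """Client-side decision for one outbound packet."""
    addr = ipaddress.ip_address(dst)
    if not locally_originated:
        # No routing is enabled in the PC: traffic from neighbours on its
        # LAN is never forwarded, so they cannot ride the tunnel.
        return "drop"
    # Only trusted-network destinations use the tunnel; the rest go via the ISP.
    return "tunnel" if _in_any(addr, TRUSTED) else "isp"


def server_verdict(tunnel_id, dst):
    """Server-side filter for a packet arriving over a tunnel (default deny)."""
    addr = ipaddress.ip_address(dst)
    return "permit" if _in_any(addr, POLICY.get(tunnel_id, [])) else "deny"


def end_to_end(tunnel_id, dst, locally_originated=True):
    """Combine both decisions into the packet's final fate."""
    path = client_path(dst, locally_originated)
    if path != "tunnel":
        return path
    return "tunnel/" + server_verdict(tunnel_id, dst)


if __name__ == "__main__":
    for tid, dst, local in [("personal-01", "10.20.5.10", True),
                            ("personal-01", "10.20.8.7", True),
                            ("personal-01", "198.51.100.9", True),
                            ("admin-pc", "10.20.1.1", False)]:
        print(tid, dst, local, "->", end_to_end(tid, dst, local))
```

Because Internet-bound packets bypass the tunnel, they also bypass whatever filtering the trusted network applies; only the tunneled traffic is subject to the server-side policy.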