Response to RFP: RedCreek

Response
Request For Proposal on
Secure Remote Access
For
Powell Electrical Manufacturing Company

Executive Summary

RedCreek is pleased to respond to the Powell Electrical Manufacturing Co. Request for Proposal regarding secure remote access for its employees. We believe that our Ravlin family of secure Virtual Private Network (VPN) products provides the most cost-effective and least expensive solution to your corporate remote access needs. Our remote access solution includes redundant hardware products for maximum up-time as well as expansion to accommodate future requirements and support for strong authentication services. The network manager will have full access to, central control of, and usage statistics of all hardware and software security products using RavlinNodeManager and HP OpenView. All subsidiaries and remote users access the corporate network through standard access to the Internet.

Connectivity Requirements

The RedCreek family of Ravlin products supports LAN-to-LAN as well as Remote User-to-LAN communications. The Ravlin 3200, 7100 and Personal Ravlin hardware units can communicate with each other, and they all offer the same set of features. The Ravlin devices can reside on an Ethernet segment and protect/encrypt traffic between networks, as in your Central Office to Subsidiary environment. In addition, Telecommuting Users can access the Central Office LAN via the high-speed Personal Ravlin hardware device. Mobile Users and out-of-the-office Executives can access the Central Office using the RavlinSoft software client. This software package also protects/encrypts data between the laptop or desktop system and the corporate network. Each Ravlin can maintain numerous tunnels between itself and another Ravlin, and each tunnel can be defined to selectively encrypt, block or pass in the clear traffic down to the host level. These filters can be configured individually on each Security Association. The filters use source and destination IP addresses and subnet masks when making decisions on traffic handling.

For example, between Ravlin A at the Central Office and Ravlin B at a Subsidiary, a tunnel can be defined to only allow traffic from one particular host behind Ravlin A to another specific host behind Ravlin B. Additional tunnels can be defined between Ravlin A and Ravlin B, and each of these tunnels could be defined for a completely different set of hosts. Further, additional tunnels could be added between Ravlin A and a third Ravlin C at a different Subsidiary, which have totally separate traffic filters.
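The per-tunnel filtering described above can be modeled as follows. This is an added example, not RedCreek code or Ravlin configuration syntax: the `Filter` and `decide` names, first-match ordering, the fail-closed default and the 10.x addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ACTIONS = {"encrypt", "block", "clear"}  # the three outcomes the text names

@dataclass(frozen=True)
class Filter:
    src: str      # "address/subnet-mask", e.g. "10.1.0.5/255.255.255.255" for one host
    dst: str
    action: str

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action {self.action!r}")
        # Strict parsing rejects non-contiguous masks and addresses with
        # host bits set, so a mistyped mask cannot silently widen a rule.
        ipaddress.IPv4Network(self.src, strict=True)
        ipaddress.IPv4Network(self.dst, strict=True)

    def matches(self, src_ip, dst_ip):
        return (ipaddress.IPv4Address(src_ip) in ipaddress.IPv4Network(self.src)
                and ipaddress.IPv4Address(dst_ip) in ipaddress.IPv4Network(self.dst))

# Constructed policy held by "Ravlin A" (hypothetical addressing):
# 10.1/16 behind A, 10.2/16 behind B, 10.3/16 behind C.
TUNNELS_A = [
    ("A-B/1", [Filter("10.1.0.5/255.255.255.255", "10.2.0.9/255.255.255.255", "encrypt")]),
    ("A-B/2", [Filter("10.1.1.0/255.255.255.0", "10.2.1.0/255.255.255.0", "encrypt")]),
    ("A-C/1", [Filter("10.1.0.66/255.255.255.255", "10.3.0.0/255.255.0.0", "block"),
               Filter("10.1.0.0/255.255.0.0", "10.3.8.0/255.255.255.0", "clear"),
               Filter("10.1.0.0/255.255.0.0", "10.3.0.0/255.255.0.0", "encrypt")]),
]

def decide(tunnels, src_ip, dst_ip, default=("none", "block")):
    """Return (tunnel, action) for a packet; first matching filter wins.

    Traffic that matches no filter falls through to `default`, which is
    set to block here so that unlisted hosts fail closed (an assumption).
    """
    for name, filters in tunnels:
        for f in filters:
            if f.matches(src_ip, dst_ip):
                return name, f.action
    return default

if __name__ == "__main__":
    for pkt in [("10.1.0.5", "10.2.0.9"), ("10.1.0.6", "10.2.0.9"),
                ("10.1.0.66", "10.3.8.1"), ("10.1.2.3", "10.3.8.1")]:
        print(pkt, "->", decide(TUNNELS_A, *pkt))
```

Because the first match wins in this model, the host-level block in tunnel A-C/1 must precede the broader subnet rules; reversing the order would let that host's traffic through.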

RedCreek's software client, RavlinSoft, has similar filtering capabilities but differs in that the filters are applied on destination addresses, since RavlinSoft is a client application. The other features that the Ravlin 3200, 7100 and Personal Ravlin employ (3DES, X.509 certificates, digital signatures, etc.) are also supported in the RavlinSoft client. RavlinSoft can use an Ethernet connection or a dial-up PPP connection.

User Authentication

All of the Ravlin family of products utilize X.509 v.3 digital certificates for authentication per the IPSec draft standards. Currently these certificates are loaded into the Ravlin device at time of manufacture and stored there in non-volatile memory. Further, the RedCreek Root Certificate is also loaded and stored in the device and used to verify the RedCreek signature.

The Ravlin 7100 can act as a client to an RFC-2138 compliant RADIUS server to perform user-level authentication on Security Associations between a Ravlin 7100 and RavlinSoft or Personal Ravlin clients. A remote user on the Subsidiary's LAN, a telecommuter or a mobile user can be authenticated via the Central Office's Ravlin 7100. In addition to supporting authentication services, RedCreek has developed a series of Vendor Specific Attributes to allow the RADIUS server to return a series of values to the authenticated user. These include IP address, subnet mask, DNS address, DNS search list, default gateway, host name and domain name.

The Ravlin 7100 can, through the use of a RADIUS server, use token-based authentication schemes. RedCreek has specifically tested compatibility with Security Dynamics SecurID, Lemoh tokens and CryptoCard tokens.

Product Reliability Statement

RedCreek Communications Inc. contracted with independent test labs to provide calculated mean-time-between-failure (MTBF) figures for the Ravlin products. These MTBF figures were calculated in accordance with Bellcore TR-332, Issue 6 December 1997, and these reports are on file at RedCreek in California. The calculated MTBF figures for the Personal Ravlin and Ravlin 5100/10 both exceed 550,000 hours (650,618 and 559,910 hours respectively). RedCreek has contracted to have the same lab provide calculated MTBF numbers for the Ravlin 3200 and 7100 products. Since the component lists are substantially equivalent to the Personal Ravlin and Ravlin 5100/10, we are confident that the results will also exceed 550,000 hours for these products.

In addition to a high MTBF, the Ravlin product line can be configured in a fault tolerant fashion as follows:

This configuration currently allows for continued operation with the failure of either of the two Ravlins, routers, peers, or servers. In 1999 we will be upgrading the Ravlin's software capabilities to make the above deployment even easier to configure and manage; upgrades will include an implementation of Virtual Router Redundancy Protocol (RFC 2338) as well as improvements in dead gateway detection and dead peer detection.

Network and Remote User Configuration with Costs

Item                                              Unit price   Qty   Extended
-----------------------------------------------------------------------------
Central office:
  Ravlin 7100 VPN device (Primary)                    $7,500     1     $7,500
  Ravlin 7100 VPN device (Back-up)                    $7,500     1     $7,500
  RavlinNodeManager management software               $1,000     1     $1,000
Subsidiary:
  Ravlin 3200 VPN device for each Subsidiary          $1,300     8    $10,400
Telecommuters:
  Personal Ravlin device for each telecommuter          $750    35    $26,250
Mobile Users:
  RavlinSoft client software for each mobile user        $35    25       $875
Executive Users:
  RavlinSoft client software for each executive user     $35    10       $350
-----------------------------------------------------------------------------
Total                                                                 $53,875

Ravlin Product Family

Ravlin 7100 - The Ravlin 7100 VPN solution represents a new architecture that is a step up in throughput and extensibility. The Ravlin 7100 offers faster encryption and decryption speed, with the addition of Fast Ethernet connectivity. All Ethernet ports are 10/100BaseT auto-sensing ports. The Ravlin 7100 is also more scalable, allowing for a higher number of concurrent users. As a hardware-based VPN solution, the Ravlin 7100 offers superior performance and security, and is software application independent. The Ravlin 7100 supports the strongest suite of IPSec network security enforcement features available today, implementing all the mandatory components of the Internet Engineering Task Force (IETF) IP Security Standard (IPSec) for enhanced network security.

Ravlin 3200 - The Ravlin 3200 is a cost-effective network security solution that performs encryption and decryption with a throughput of 40 per cent of the theoretical maximum of Ethernet. Network administrators use it to establish private communications within secure intranets or secure extranets. Its low cost lets organizations establish security over private or public IP networks quickly and easily. The Ravlin 3200 is typically installed behind an access router connected to a full-duplex T1/E1 wide-area network (WAN) circuit. It provides data privacy using industry standard 56-bit DES and 168-bit Triple DES encryption.

Personal Ravlin - The Personal Ravlin is a cost-effective network security solution for remote users with high bandwidth requirements. It addresses the needs of the Telecommuters who access the Central Office via cable, xDSL and ISDN modems. It is a single-user hardware client that provides full IPSec Virtual Private Network (VPN) in a small form factor (can fit in the palm of your hand.) The Personal Ravlin provides data privacy using industry standard 56-bit DES and 168-bit Triple DES encryption. It provides authentication and access control with Digital Signature Standard (DSS), Diffie-Hellman key exchange, X.509 v.3 digital certificates, and Internet Key Exchange (IKE) key management.

RavlinSoft - The RavlinSoft client is the ideal solution for Mobile Users and Executives who need occasional, secure access to the corporate network. With RavlinSoft, these remote users can securely access corporate resources through either public networks (Internet) or existing corporate dial-up facilities. As with all Ravlin products, RavlinSoft supports data privacy using industry standard 56-bit DES and 168-bit Triple DES encryption. It provides authentication and access control with Digital Signature Standard (DSS), Diffie-Hellman key exchange, X.509 v.3 digital certificates, and Internet Key Exchange (IKE) key management.

RavlinNodeManager - RavlinNodeManager is a Windows NT 4.0 and Windows 95-based management and control tool that provides easy configuration, management, and integration of Ravlin products into the Powell Electrical Manufacturing network and security infrastructure. RavlinNodeManager lets network administrators manage Ravlin products from a single centralized location. Administrators can add remote units and dial-in users to a secure virtual private network and customize the configuration parameters between specific subnets secured by the VPN. In addition, RavlinNodeManager tracks the traffic between units and manages existing configurations. An intuitive graphical user interface allows easy set-up and tear-down of Ravlin units, simplifying installation and control of Ravlin units from anywhere in the network. This allows quick creation and removal of secure extranets, intranets, and remote users, plus easy upgrades and troubleshooting of existing configurations. As a management tool, RavlinNodeManager is complementary to standard SNMP managers like HP OpenView® for monitoring, displaying statistics, and sending alarms.

Copyright, 1994-2006 Network World, Inc. All rights reserved.