Six SSL remote-access equipment pass ICSA Labs’ certification testing

It’s difficult to know how well network equipment works unless you try it, but that can be expensive, hence product certification programs. Equipment from six Secure Sockets Layer remote-access vendors has passed certification testing by ICSA Labs, a respected tester of security products.

It’s difficult to know how well network equipment works unless you try it, but that can be expensive, hence product certification programs. Equipment from six Secure Sockets Layer remote-access vendors has passed certification testing by ICSA Labs, a respected tester of security products.

By certifying them, ICSA is saying they meet set requirements including support for the appropriate versions of SSL, use encryption algorithms on an ICSA-approved list, use a 128-bit encryption key; and support RSA, DSS or X.509 session authentication. If a device fails, it must fail closed so no traffic can get past it into the network it is supposed to secure.

While this certification doesn’t guarantee a product is just what you are looking for, it does guarantee that it meets a broad set of standards that you can review. Products receiving certification meet all the requirements; missing any of them means they fail, ICSA says.

Passing the test says nothing about how easy these devices are to configure, manage and monitor. It also says nothing about price and features, which are major considerations when figuring out which vendor to choose. That is best left up to product reviews and buyer’s guides, including Network World’s SSL VPN Buyer’s Guide, which is continuously updated (https://www.nwfusion.com/bg/2004/sslvpn/index.jsp).

The ICSA Labs certified equipment are:

* Aventail’s EX-1500 SSL VPN.

* F5 Networks’ FirePass 1000 and 4000.

* Juniper Networks’ NetScreen Secure Access SSL VPN.

* NetScaler’s NetScaler 9400.

* Netilla’s Netilla Security Platform, E-Class

* PortWise’s Portwise mVPN

ICSA doesn’t say what vendors have had their gear tested and flunked.