SOURCE: Cybertrust

March 08, 2005 08:30 ET

ICSA Labs Provides Forum for Testing Latest IPsec IKEv2 Technology Implementations

New Releases Run Through Different Scenarios for Evaluating Encryption, Integrity and Authentication in IPsec VPN Solutions

SANTA CLARA, CA -- (MARKET WIRE) -- March 8, 2005 -- Continuing its tradition of testing and promoting cutting-edge technology, ICSA Labs®, a division of Cybertrust® Inc., recently hosted an IPsec/IKEv2 Interoperability Workshop in which 10 new products based on Internet Key Exchange Version 2 (IKEv2) were given their first opportunity to be matched against industry peers for the purpose of identifying interoperability issues.

The IKEv2 specification facilitates the interoperability of IPSec virtual private networks (VPN), allowing secure communications channels to be set up across potentially insecure infrastructures. The specification was created to address interoperability issues typically encountered when companies try to link VPN solutions developed by different vendors. That's why events such as the IPsec/IKEv2 Interoperability Workshop are a necessary step toward certifying vendor solutions that deliver the functionality, interoperability, security and performance companies expect from these products.

ICSA Labs, specifically the ICSA Labs IPsec Product Consortium, is dedicated to promoting consumer confidence in IPsec products and facilitating interoperability between such products. ICSA Labs volunteered to host the IPec/IKEv2 Interoperability Workshop, held February 22 - 25th, which gave vendors a unique opportunity to identify interoperability issues by matching their product against industry peers in real-world scenarios. ICSA Labs will begin testing products based on IKEv2 technology as part of its IPsec 2.0 Certification program in the very near future, and the workshop offered vendors a significant milestone toward achieving that certification. These events also generate invaluable feedback to the groups that create, refine, and manage specifications such as IKEv2.

Development teams participating in the workshop came from Broadcom Corp. (NASDAQ: BRCM); Certicom Corp. (TSX: CIC); Cisco Systems (NASDAQ: CSCO); Interpeak, Inc.; Intoto, Inc.; Juniper Networks (NASDAQ: JNPR); SafeNet, Inc., and Xpressent.

"Overall, we're very pleased with the level of industry participation and the commitment shown by the vendors working to ensure that IPsec VPN remains an integral part of the enterprise security solution," said Mark Zimmerman, Technology Program Manager with ICSA Labs. "This was a very good opportunity to cooperatively test the added requirements brought about by the Internet Engineering Task Force (IETF) IKEv2 draft. We were able to identify some potential problems, and they're already being reviewed by the IETF to help avoid development misinterpretation and interoperability issues."

The test guidelines were divided into three sets. The first set addressed the ability of the products to correctly negotiate and initiate communications. The second revolved around each product's ability to re-initiate and re-key those sessions. The third dealt with extended capabilities, such as the ability to detect whether a VPN peer has failed and is no longer communicating, or if a peer is communicating from behind a Network Address Translation (NAT) device. The products were cooperatively run through various well defined scenarios, testing such specific points as the ability to negotiate the setup of secure session tunnels, the viability of different authentication methods, and the ability to serve as an Initiator or a Responder.

ICSA Labs received important assistance from a number of contributors. They included: Cisco Systems, which provided infrastructure support during the event, Paul Hoffman, who worked to capture the technical policy issue information for IETF consideration, and Xpressent Inc., whose XpressVPN software toolkit was used during the workshop to exercise and test the security functionality of the products at the event. "Our utility is ideal for this kind of workshop because it allows full-function testing of the IKEv2 protocol and allows the tester to simulate multiple error conditions," said Saroop Mathur, founder and CEO of Xpressent. "We're honored to have been able to participate in this very important exercise."

A similar event is being planned for the fall of 2005.

About ICSA Labs

ICSA Labs, an independent division of Cybertrust, Inc. offers vendor-neutral testing and certification of security products. Hundreds of the world's top security vendors submit their products for testing and certification at ICSA Labs. The end-users of security technologies rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. The organization tests products in key technology categories such as anti-virus, firewall, IPsec VPN, cryptography, intrusion detection, PC firewall, content security, SSL-VPN and Wireless LAN. For more information about ICSA Labs, please visit: http://www.icsalabs.com.

About Cybertrust

Cybertrust is a global provider of information security, providing a unique mix of processes, products, and people to enable enterprises and government agencies to secure and manage their IT infrastructure. With over 15 years of proven experience, Cybertrust is the first company to comprehensively address the entire security lifecycle by providing offerings for each of the four critical security domains of identity, threat, vulnerability, and compliance management. These offerings leverage Cybertrust's unmatched security knowledge and intelligence gathering resources, which includes ICSA Labs®, the global leader in information security product certification. Headquartered in Herndon, VA with more than 30 offices around the globe, Cybertrust is the trusted advisor for information security to over 4,000 customers worldwide. To learn more, please visit www.cybertrust.com.

© Cybertrust 2005

Cybertrust and ICSA Labs are registered trademarks of Cybertrust, Inc. All other trademarks are property of their respective owners.

Contact Information