SSH Communications Security Releases Enterprise VPN
SSH Communications Security
- By Mike Gunderloy
- October 24, 2001
has introduced an enterprise VPN that mixes hardware and software to help ISPs or ASPs manage thousands of VPN connections.
The new product is called SSH Complete VPN. The product is designed to provide secure connections between sites regardless of
their access technology or service provider.
The software builds on SSH's experience with their flagship SSH2 protocol for secure remote logins. It includes IPSec, multiple authentication technologies and major encryption algorithms including AES, Twofish, Blowfish and 3DES.
To add a new location to the VPN, the xSP sends the SSH VPN Gateway to the customer. Installation consists of plugging the box between the
customer's Internet connection and their router. A smart card in the
device holds certificates, a private key, and initial configuration
information; further configuration can then be done from a central
Complete VPN also includes a smart client with a stateful
firewall to allow secure access from anywhere. Multiple offices can be
combined into one virtual office by setting up links between their SSH
VPN Gateways. Alternatively, remote users can connect to a single office by dialing into the Internet and then logging in via an SSH VPN Gateway.
The Central Management (CM) station runs at the xSP and can "push" new security policies and configuration information out to the distributed hardware at any time. The CM also includes facilities for certification creation, maintenance, and distribution, and can be managed via a browser-based interface.
Mike Gunderloy, MCSE, MCSD, MCDBA, is a former MCP columnist and the author of numerous development books.