Path: utzoo!mnetor!uunet!husc6!rutgers!columbia!cunixc!alan
From: alan@cunixc.columbia.edu (Alan Crosswell)
Newsgroups: comp.dcom.lans
Subject: Re: Security on ethernet (and DEC product announcement)
Message-ID: <525@cunixc.columbia.edu>
Date: 29 Mar 88 19:58:42 GMT
References: <4805@ecsvax.UUCP> <1701@aecom.YU.EDU>
Reply-To: alan@cunixc.columbia.edu (Alan Crosswell)
Organization: Columbia University
Lines: 22
Keywords: ethernet,security

DEC has very recently announced what I believe to be a LAN-bridge like box
combined with a VMS-based key server. It uses a hardware DES implementation
and is supposed to encrypt data at the packet level in one box and decrypt
it at the other (totally transparent to the hosts). It will also allow
clear text passthru when one host sits behind a decrypter but the other
doesn't so you can add these things to an existing ethernet, protecting the
"important" hosts ("important" meaning how much money you want to spend)
while still allowing access for others. It's supposed to have all kinds of
configuration stuff too so you can decide who can talk to whom.

Anybody have any better information on it? Since it coexists with
non-encrypted Ethernet, it must transmit unencrypted source and destination
addresses in the header (or does it simply use the source and destination
address of the encrypter itself?). What kind of performance does it provide?
Is it a functional replacement for a LAN-bridge or would one still need a
LAN-bridge to do the filtering?

Prices are about the same as a LAN-bridge with the VMS key software also
costing about that amount (I'm not sure if Robert's Rules of Netiquette and
price quotes apply here:-)

Alan Crosswell
User Services
Columbia University