Title :
Application of virtual private networking technology to standards-based management protocols across heterogeneous firewall-protected networks
Author :
O'Guin, S. ; Williams, Chris K. ; Selimis, Nikolaos
Author_Institution :
Defence Inf. Syst. Agency Joint Interoperability & Eng. Office, Booz Allen & Hamilton, McLean, VA, USA
fDate :
6/21/1905 12:00:00 AM
Abstract :
There has been tremendous growth within DoD of enterprise-wide COTS-based messaging and communications systems, including the Defense Message System, the Global Command and Control System, and the Global Combat Support System. To economize on development costs, standards-based protocols (including SMTP, SNMP, FTP, Telnet, and HTTP) are used to implement the underlying functionality of these systems, including messaging and service management. Vulnerabilities in such standards-based protocols have been identified, and security over the Internet and its connected systems has become an ever-increasing concern. Network security policies have been created to address the dilemma of protecting local systems from external attack while permitting easy communications between authorized parties. A burgeoning industry of firewall manufacturers has arisen to meet the challenge of implementing these policies effectively, safely, and reliably. Virtual private networking (VPN) technology was developed to enable separate firewall-protected enclaves to safely exchange data over unsecured networks. This technology is still maturing and standardized (using IPSec, ISAKMP, and DES encryption) to enable separate VPN implementations to interoperate over shared networks. This paper studies how virtual private networking technology can be employed to protect the use of standards-based service management protocols (including FTP, Telnet, SNMP, and NTP) across heterogeneous firewall-protected networks, balancing the requirements of enterprise service management with the need for local-level network security.
Keywords :
computer network management; military communication; protocols; telecommunication security; wide area networks; DES encryption; Defense Message System; FTP; Global Command and Control System; Global Combat Support System; HTTP; IPSec; ISAKMP; Internet; SMTP; SNMP; Telnet; VPN implementations; authorized parties; communications systems; enterprise service management; enterprise-wide COTS-based system; firewall manufacturers; functionality; heterogeneous firewall-protected networks; local-level network security; messaging systems; security; shared networks; standards-based management protocols; unsecured network; virtual private networking technology; vulnerabilities; Command and control systems; Communication system security; Cost function; Internet; Manufacturing industries; Message systems; Protection; Protocols; Technology management; Virtual private networks
Conference_Title :
Military Communications Conference Proceedings, 1999. MILCOM 1999. IEEE
Conference_Location :
Atlantic City, NJ
Print_ISBN :
0-7803-5538-5
DOI :
10.1109/MILCOM.1999.821404