ICSA Labs Announces First Certification To Use Digital Certificates For Interoperable IPSed Products

Four Products Pass Interoperability Testing Milestone

HERNDON, Va.–November 19, 2002–ICSA Labs®, an independent division of TruSecure® Corporation, today announced the first four products that have met the requirements to attain ICSA Labs IPSec 1.1 Certification. This multi-vendor interoperability testing milestone enables users to reduce their risk of security threats by selecting from a number of certified Internet Protocol Security (IPSec) products while maintaining confidentiality, data integrity and authentication. This comprehensive testing criteria is the first to use digital certificate handling.

The four companies with the certified IPSec products are produced by Intoto, Inc., Netscreen Technologies, Inc. (Nasdaq: NSCN), Nortel Networks (NYSE/TSX: NT) and Secure Computing Corporation (Nasdaq: SCUR).

ICSA Labs’ 1.1 criteria and testing are the result of a culmination of lessons learned from testing multiple vendor products in various configurations in conjunction with a set of no less than 10 other currently certified ICSA certified products. The ICSA Labs 1.1 IPSec testing criteria builds upon the previous functionality and interoperability requirements of ICSA Labs 1.0B IPSec criteria by adding the digital certificate requirements to the battery of tests. ICSA Labs examines and tests submitted products against the reference set of Version 1.1 certified IPSec products to verify they:

– are interoperable with other version 1.0B certified products;
– meet a baseline set of requirements for Internet Key Exchange (IKE) and IPSec protocols that deliver entity authentication, data integrity and confidentiality;
– meet the stringent requirements of the ICSA Labs Cryptography Certification Criteria;
– meet the requirements for accepting and utilizing digital certificates from multiple industry leading certification authorities; and
– are interoperable with other ICSA Labs 1.1 certified products.

The Certification process requires that products accomplish secure certificate enrollment and loading using PKCS#10/7, SCEP or CMP, certificate revocation list retrieval via LDAP or HTTP, and proper peer certificate validation. In addition, the criteria require products to employ strong 3DES encryption and SHA-1 authentication algorithms. The products must also demonstrate proper support for ESP-NULL, mismatched SA lifetimes, IP fragmentation handling, replay protection and Perfect Forward Secrecy (PFS). All ICSA Labs 1.1 certified products are currently available for purchase by the general user community.

“NetScreen is very happy to be one of the first companies to achieve ICSA IPSec 1.1 Certification,” said Gregory Lebovitz, staff architect at NetScreen Technologies. “Often a prerequisite for large enterprise and government engagements, this ICSA Labs Certification demonstrates NetScreen’s commitment to provide interoperable security appliances and bolsters the company’s position as a leading provider of integrated security solutions optimized for diverse enterprise and carrier networks.”

“When a vendor enrolls a product or product group into the ICSA Labs IPSec testing program, that vendor can be assured that product testing will be a continuous process, not just an event,” said George Japak, vice president of ICSA Labs. “Unlike other testing or certification programs available to the industry today, ICSA Labs interoperability means complete interoperability. We don’t allow products to be certified that are shown to be interoperable with only a “majority’ of control group products–they must be interoperable with all products. An IPSec product has never passed certification without changes having to be made to it in order to satisfy criteria requirements.”

“We’re delighted to continue our long track record of being in the first test group to meet the latest requirements for ICSA IPSec Certification. The Sidewinder(TM) Firewall and VPN gateway is known for its commitment to excellence and staying ahead of the curve on standards,” said Mike Gallagher, vice president and general manager of the Network Security Division at Secure Computing. “Keeping current with our SecureOS(TM) VPN design, application proxies and stateful inspection filters results in a hybrid architecture that delivers the world’s strongest firewall VPN.”

More information regarding the ICSA Labs IPSec Certification, as well as vendor product, version and build numbers, can be found on the ICSA Web site at: http://www.icsalabs.com/html/communities/ipsec/certification/certified_products/index.shtml.

About ICSA Labs

ICSA Labs, an independent division of TruSecure Corporation, offers vendor-agnostic testing and certification of security products. Hundreds of the world’s top security vendors submit their products for testing and certification at ICSA Labs. The end-users of security technologies rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. The organization tests 95% of products in key technology categories such as anti-virus, IPSec, VPN, firewall, PC firewall, cryptography, intrusion detection and content security. For more information about ICSA Labs, please visit http://www.icsalabs.com/.