Question 137. What is S/WAN?

The S/WAN (Secure Wide Area Network, pronounced "swan") initiative designates specifications for implementing IPSec, the security architecture for the Internet Protocol [Atk95a] [Atk95b] [Atk95c] [KMS95] [MS95a], to ensure interoperability among firewall and TCP/IP products. S/WAN's goal is to use IPSec to allow companies to mix and match the best firewall and TCP/IP stack products to build Internet-based Virtual Private Networks (VPNs). Currently, users and administrators are often locked into single-vendor solutions network-wide, because vendors have been unable to agree upon the details of IPSec implementation. The S/WAN effort should therefore remove a major obstacle to the widespread deployment of secure VPNs.

S/WAN supports encryption at the IP level, which provides more fundamental, lower-level security than higher-level protocols, such as SSL (see Question 134) and S-HTTP (see Question 133). It is expected that higher-level security specifications, including SSL and S-HTTP, will be routinely layered on top of S/WAN implementations, and these security specifications will work together synergistically.

To guarantee IPSec interoperability, S/WAN defines a common set of algorithms, modes, and options. S/WAN uses RC5 (see Question 76) at key sizes ranging from 40 bits (for exportability) to 128 bits. S/WAN can also be implemented using DES (see Question 64).