CrossNodes Briefing: Encryption Products
Any data that travels across wires or through the air is vulnerable. Depending on the value of the data and the need to protect it, network managers often elect to encrypt transmissions. Just how does this technology work, and what are the various solutions you can deploy? Each CrossNodes Briefing is designed to act as a reference on an individual technology, providing a knowledge base and guide to networkers in purchasing and deployment decisions.
Protecting The Data Stream
Any data that travels across wires or through the air can be intercepted. Depending on the value of the data and the need to protect it, network managers often elect to encrypt transmissions. Encryption runs the data through an algorithm, the cipher, under the control of a secret value, the key, so that what is sent is unreadable to anyone who does not hold that key. The receiving station applies the cipher with the matching key to restore the original content. The cipher itself is normally published; all of the secrecy rests in the key.
How much protection encryption gives depends on the cipher and on the size of the key. An attacker who cannot find a flaw in the cipher can still try every possible key, so smaller keys are easier to break than larger ones; each additional bit doubles the work. Longer keys do require more computation, which can slow transmissions, although for symmetric ciphers the cost grows slowly and the genuinely expensive operations are the public-key ones.
In addition, companies must ensure that the keys they use remain protected. With a symmetric cipher both ends hold the same secret, and delivering it to the far end safely is the hard part. To address this, many products use asymmetric (public-key) encryption, in which each party has two keys: a public key that can be handed out freely and a private key that never leaves its owner. Because public-key operations are slow, the two techniques are combined. The sending station generates a fresh random session key for the message, encrypts the data with a fast symmetric cipher under that session key, and encrypts the session key itself with the recipient's public key. The receiving system uses its private key to recover the session key and then deciphers the actual message. The private key is never transmitted, and the session key is discarded once the message has been read.
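The hybrid scheme just described, as an added example written for this briefing rather than taken from any of the products it covers: the sender wraps a random AES session key under the recipient's RSA public key, the recipient unwraps it with the private key, and the authenticated cipher mode rejects a message that was altered in transit. It is written in Go using only the standard library; the key sizes (RSA-2048, AES-256), the choice of OAEP and GCM, and the sample message are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is everything that crosses the wire for one message: the session
// key wrapped under the recipient's public key, the AES-GCM nonce, and the
// ciphertext. The recipient's private key is never transmitted.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// Seal runs on the sending station. It needs only the recipient's public key.
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	// Fresh 256-bit session key, used for this one message and then discarded.
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	// The bulk data goes through the fast symmetric cipher (AES-256-GCM).
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, plaintext, nil)
	// Only the short session key goes through the slow public-key operation.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open runs on the receiving station, the only holder of the private key.
func Open(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	// GCM authenticates as well as encrypts: a modified ciphertext is
	// rejected here instead of decrypting to garbage.
	return aead.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// RoundTrip generates a recipient key pair, seals msg to it, and reports
// whether the honest envelope decrypts back to msg and whether a copy with
// one ciphertext bit flipped is rejected.
func RoundTrip(msg []byte) (decryptsOK, tamperRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	env, err := Seal(&priv.PublicKey, msg)
	if err != nil {
		return false, false, err
	}
	got, err := Open(priv, env)
	if err != nil {
		return false, false, err
	}
	decryptsOK = bytes.Equal(got, msg)

	tampered := *env
	tampered.Ciphertext = append([]byte(nil), env.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, err = Open(priv, &tampered)
	tamperRejected = err != nil
	return decryptsOK, tamperRejected, nil
}

func main() {
	// Constructed sample message; in practice this is the data stream.
	ok, rejected, err := RoundTrip([]byte("quarterly payroll export"))
	fmt.Println("decrypted correctly:", ok, "tampered copy rejected:", rejected, "error:", err)
}
```

Note that the envelope carries no copy of the private key and no long-lived symmetric secret: an eavesdropper who records the wrapped key gains nothing without the recipient's private key, and a compromised session key exposes only the one message it protected.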
Keys can in principle be any size, but most products use keys of between 40 bits and 256 bits. Popular types of encryption include:
- WEP (Wired Equivalent Privacy) -- the encryption built into the 802.11 wireless LAN standard, based on the RC4 stream cipher; the original specification calls for a 40-bit key, and vendors also offer a 128-bit version (a 104-bit key plus a 24-bit initialization vector). Both key sizes are known to be breakable by recovering the key from captured traffic, so WEP should be treated as a deterrent to casual eavesdropping rather than as real confidentiality.
- SSL (Secure Sockets Layer) Encryption -- secures a connection, typically between a browser and a web server, by using public-key cryptography to authenticate the server and to agree on a session key, then encrypting the data itself with a symmetric cipher under that key. Its standardized successor is TLS (Transport Layer Security).
- DES (Data Encryption Standard) -- a block cipher that encrypts data 64 bits at a time under a 56-bit key. The key is written as 8 bytes, but the low bit of each byte is a parity bit that the cipher ignores. A 56-bit key space can be searched exhaustively with purpose-built hardware, so DES on its own is no longer considered adequate.
- 3DES (Triple DES) -- runs DES three times over each block in encrypt-decrypt-encrypt (EDE) order, with two or three independent 56-bit keys, for nominal key lengths of 112 or 168 bits. Using the same key in all three positions makes the middle step undo the first and reduces 3DES to single DES; that is how 3DES equipment interoperates with DES, and it also means such a configuration adds no strength. The three passes make it roughly three times slower than DES.
- IPSec (IP Security) -- provides encryption at the IP layer, so every application above it is protected without modification. Network managers can choose transport mode, which encrypts only the packet payload, or tunnel mode, which encrypts the entire original packet, headers included, and wraps it in a new IP header; tunnel mode is what site-to-site VPN gateways use. The session keys are not fixed: the two endpoints negotiate them with the IKE (Internet Key Exchange) protocol, authenticating each other with a pre-shared secret or with certificates, and renegotiate them periodically.
- PKCS (Public-Key Cryptography Standards) -- a numbered family of specifications published by RSA Laboratories, not a single cipher or product. The ones most often encountered are PKCS #1 (how RSA encryption and signatures are formatted), PKCS #7 (the signed and enveloped message format on which S/MIME mail is built), PKCS #11 (the API, also called Cryptoki, through which software drives smart cards and hardware security modules) and PKCS #12 (the password-protected file format used to deliver a private key and certificate to a workstation).
- Blowfish -- a symmetric block cipher designed by Bruce Schneier, with a 64-bit block and a key of anywhere from 32 to 448 bits; it is unpatented and license-free, which is why a number of VPN and disk-encryption products use it. It is not the same thing as PGP, with which it is sometimes confused.
- PGP (Pretty Good Privacy) -- a hybrid encryption program for e-mail and files rather than a cipher. For each message it generates a random one-time session key, scrambles the message with a symmetric cipher under that key, and encrypts the session key with each recipient's public key; the recipient's private key unlocks the session key, which in turn restores the data.
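Two of the DES properties from the list above, checked in code. This is an added example, not from the briefing or from any vendor, written in Go with the standard-library crypto/des package; the three keys and the eight-byte block are constructed for the demonstration. It shows that the low bit of each key byte (the parity bit) has no effect on the ciphertext, which is why DES is a 56-bit cipher, and that 3DES with the same key in all three positions yields exactly the single-DES result, while three independent keys do not.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// Constructed demonstration keys and data block; not real key material.
// A DES key is written as 8 bytes, but the cipher uses only 7 bits of each.
var (
	keyA  = []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	keyB  = []byte{0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}
	keyC  = []byte{0x13, 0x57, 0x9b, 0xdf, 0x02, 0x46, 0x8a, 0xce}
	block = []byte("Now is t") // exactly one 64-bit block
)

// desEncrypt encrypts a single 8-byte block with single DES.
func desEncrypt(key, in []byte) ([]byte, error) {
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, in)
	return out, nil
}

// tdesEncrypt encrypts one block with 3DES in EDE order: E_k3(D_k2(E_k1(in))).
// Go expects the three 8-byte keys concatenated into one 24-byte key.
func tdesEncrypt(k1, k2, k3, in []byte) ([]byte, error) {
	key := append(append(append([]byte{}, k1...), k2...), k3...)
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, in)
	return out, nil
}

// ParityBitsIgnored reports whether flipping the low bit of every key byte
// leaves the ciphertext unchanged. It does: those eight bits are parity,
// so only 56 of the 64 key bits contribute to the encryption.
func ParityBitsIgnored() (bool, error) {
	flipped := make([]byte, len(keyA))
	for i, b := range keyA {
		flipped[i] = b ^ 0x01
	}
	want, err := desEncrypt(keyA, block)
	if err != nil {
		return false, err
	}
	got, err := desEncrypt(flipped, block)
	if err != nil {
		return false, err
	}
	return bytes.Equal(want, got), nil
}

// SameKeysDegradeToDES reports whether 3DES with k1 == k2 == k3 equals single
// DES under that key. It does: the middle decryption undoes the first
// encryption, so this compatibility configuration adds no strength.
func SameKeysDegradeToDES() (bool, error) {
	single, err := desEncrypt(keyA, block)
	if err != nil {
		return false, err
	}
	triple, err := tdesEncrypt(keyA, keyA, keyA, block)
	if err != nil {
		return false, err
	}
	return bytes.Equal(single, triple), nil
}

// IndependentKeysDiffer reports whether 3DES with three distinct keys gives
// a ciphertext different from single DES under the first key, i.e. the
// second and third passes actually change the result.
func IndependentKeysDiffer() (bool, error) {
	single, err := desEncrypt(keyA, block)
	if err != nil {
		return false, err
	}
	triple, err := tdesEncrypt(keyA, keyB, keyC, block)
	if err != nil {
		return false, err
	}
	return !bytes.Equal(single, triple), nil
}

func main() {
	parity, err := ParityBitsIgnored()
	fmt.Println("parity bits ignored:", parity, err)
	same, err := SameKeysDegradeToDES()
	fmt.Println("3DES with one key equals DES:", same, err)
	diff, err := IndependentKeysDiffer()
	fmt.Println("3DES with three keys differs from DES:", diff, err)
}
```

The practical lesson for a purchasing decision is in the second check: a product that advertises 3DES but is provisioned with a single repeated key is delivering DES strength, so the key-management side of the product matters as much as the cipher it lists.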