CrossNodes Product Briefing: Encryption Software
Encryption products for networks can work at many levels, and it is not easy to determine which techniques you may wish to employ in any given part. In this briefing, we outline the basic capabilities, terminology, and software products available to protect your data from prying eyes. Each CrossNodes Product Briefing provides an overview of what you need to know before purchasing a specific technology, and includes round-up listings of current products from each of the major vendors.
Technology writers and editors take every conceivable opportunity to remind Web-boomers that "everything old is new again". Cryptography has its roots in the first part of the 16th century, when the first treatise on the subject was published. Since then, virtually every schoolchild has used basic cryptography as a childhood game where a=1, b=2, c=3, and so on.
Cryptography is the conversion of data (or "plaintext") into a secret code for transmission. An encryption algorithm codes the original text into "ciphertext". Once transmitted, the text is decoded (decrypted) back to the original text. The concept is as simple as child's play, and often is child's play. Modern data encryption is not so simple, but it is an extremely effective security tool. Network managers can choose from sophisticated encryption protection for enterprise or network data as well as lower-end products that will protect Internet transmissions.
Encryption products for networks can be used at several levels and provide a variety of functions. The following list details some product functionality terms:
- Encrypts directory level -- allows users to encrypt a specific directory and any subdirectories that reside below that directory.
- Encrypts folder level -- permits users to encrypt a folder (subdirectory) and any directories below the specified target.
- Encrypts individual files -- enables the encryption of specific files without encrypting other files in the directory.
- Encrypts multiple files -- provides the ability to encrypt multiple files with a single command.
- Disk locking -- encrypts the disk subsystem, securing it from outside access by unauthorized users.
- Screen lock feature -- prevents users who do not have the proper keys from entering data on a screen.
- Locks PC/Boot lock -- requires authorization before a user can start the PC.
- Supports public key encryption -- uses an encryption key that is available to the public. The receiving system must know which key is being used in order to decipher the message.
- Supports private key encryption -- implements an encryption key that is available only to that network. Two systems must use the same key to establish data transfers.
- Audit log of access attempts -- maintains a record of all accesses to the system files and data transfers.