Lesson 11: Security Basics
Performance Requirements
High performance in a firewall is critical.
This is driven not only by your end-user community, but also by
some of the applications people plan to use. Today's
performance requirements are being driven by new technologies.

For instance, some multimedia applications, like video
or audio over the Internet, require a high-performance firewall.
In the future, as new business applications continue to place
increasing demands on networks, the performance of your security
system will be a critical success factor.
Integrity—Privacy
Next, let's look at some of the different
privacy requirements people might have. The following are some
of the methodologies used to ensure privacy
on the network.
- VPNs: IPSec, IKE, encryption, DES, 3DES, digital certificates, CET, CEP
Encryption and Decryption
Encryption is the masking of secret or sensitive
information such that only an authorized party may view (or
decrypt) it.
Encryption and authentication controls can be implemented
at several layers in your computing infrastructure.

Encryption can be performed at the application layer by specific
applications at client workstations and serving hosts. This
has the advantage of operating on a complete end-to-end basis,
but not all applications support encryption, and it usually
has to be invoked by individual users, so it is not
reliable from a network administrator's perspective.
Encryption can also be performed at the network layer by general
networking devices for specific protocols. This has the advantage
of operating transparently between subnet boundaries and being
reliably enforceable from a network administrator’s
perspective.
Finally, encryption can be performed at the link layer by
specific encryption devices for a given media or interface
type. This has the advantage of being protocol independent,
but has to be performed on a link-by-link basis.
Institutions such as the military have been using link-level
encryption for years. With this scheme, every communications
link is protected with a pair of encrypting devices, one on
each end of the link. While this system provides excellent
data protection, it is quite difficult to provision and manage.
It also requires that each end of every link in the network
is secure, because the data is in clear text at these points.
Of course, this scheme doesn't work at all on the Internet,
where possibly none of the intermediate links are accessible
to you or trusted.
What Is IPSec?
IPSec provides network layer encryption.
IPSec is a framework of open standards for ensuring secure
private communications over the Internet. Based on standards
developed by the IETF, IPSec ensures confidentiality, integrity,
and authenticity of data communications across a public network.
IPSec provides a necessary component of a standards-based,
flexible solution for deploying a network-wide security policy.
Privacy, integrity, and authenticity technologies protect information
transfer across links with network encryption, digital certification,
and device authentication. The benefits are privacy, integrity, and
authenticity for network commerce, implemented transparently in the
network infrastructure.
In other words, you can set it up at the router level,
or at whatever level makes sense to you, and your users don't
necessarily have to know that they're using IPSec.
You can specify that all of the transactions between your company
and another company, say between ordering and manufacturing,
go across IPSec while other traffic does not.
It's an end-to-end security solution that incorporates
routers, firewalls, PCs, and servers.
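The selective protection described above can be modeled as an ordered policy lookup, in the style of the IPsec Security Policy Database of RFC 4301. This is an added example, not part of the original lesson; the prefixes, the `Policy` fields and the `lookup` and `shadowed` helpers are constructed for illustration. It also flags the rule misordering that would send the partner traffic in the clear.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    src: str     # source prefix (CIDR)
    dst: str     # destination prefix (CIDR)
    proto: str   # "tcp", "udp" or "any"
    dport: int   # destination port, 0 means any
    action: str  # "PROTECT" (IPsec), "BYPASS" (cleartext) or "DISCARD"


# Constructed sample policy: ordering subnet to a partner's manufacturing
# subnet goes through IPsec; all other internal traffic is left alone.
SPD = [
    Policy("10.1.20.0/24", "192.0.2.0/24", "any", 0, "PROTECT"),
    Policy("10.1.0.0/16", "0.0.0.0/0", "any", 0, "BYPASS"),
]


def _net(prefix):
    return ipaddress.ip_network(prefix)


def lookup(spd, src, dst, proto, dport):
    """First matching policy wins; unmatched traffic is discarded."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in spd:
        if (s in _net(p.src) and d in _net(p.dst)
                and p.proto in ("any", proto) and p.dport in (0, dport)):
            return p.action
    return "DISCARD"


def shadowed(spd):
    """PROTECT policies fully covered by an earlier non-PROTECT policy."""
    hidden = []
    for i, p in enumerate(spd):
        if p.action != "PROTECT":
            continue
        for q in spd[:i]:
            if (q.action != "PROTECT"
                    and _net(p.src).subnet_of(_net(q.src))
                    and _net(p.dst).subnet_of(_net(q.dst))
                    and q.proto in ("any", p.proto) and q.dport in (0, p.dport)):
                hidden.append(p)  # this traffic would never reach IPsec
                break
    return hidden
```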
IPSec Everywhere!

IPSec can be in any device with an IP stack,
as shown in the picture. This is an important point, as customers
can deploy IPSec where they are most comfortable:
- On the gateway/router: Much easier to install and manage,
  as you are only dealing with a limited set of devices. The network
  infrastructure provides the security.
- On the host/server: Best end-to-end security, but the hardest
  to install and manage. Good for applications that really need
  this level of control.