 |
|
|
|
|
 |
CertiGuide to Network+ 9 Chapter 1000: Security in the Real World 9 IX Data Protection Through Encryption |
|
Encryption for Data Transmission
In addition to considering encryption for the data stored on internal servers, it’s also worth thinking about encrypting data as it is traveling across the network. There are two basic ways you can approach encryption of data on a network connection:
- At the Connection level
- At the Application-specific level
If you apply encryption at the connection level, you’re saying that all traffic between those two points will be encrypted, regardless of its contents. Connection-level encryption is what you have when using VPN technology. IPSec, PPTP and L2TP are examples of connection-level encryption protocols, which run at the lowest possible layers, to encrypt an entire TCP/IP session.
Encryption involves a certain amount of overhead that slows down network communication. Since not all communication is considered sensitive, sometimes it doesn’t make sense to apply encryption to an entire connection. For those cases, you can elect application-specific encryption. This means that your basic network connectivity is not encrypted, but that encryption is employed at specific times.
Different types of communication have different standards for application-specific encryption. For example, when sensitive information like a credit card number or bank balance is transmitted to or from a browser, the SSL (Secure Sockets Layer) encryption mechanism is often used. Each server participating in SSL encryption using public keys must obtain a digital certificate (proof of identity, but not proof of a merchant’s good character) from a certificate authority (a well-known organization which issues digital certificates to entities upon receiving sufficient identification from them).
You can recognize when a web page is equipped to use SSL by looking at the URL prefix. If it is https:, then you are using SSL encryption. If it is just http:, the data is being transferred unencrypted. For example, the following is an example of a URL that will send data in an encrypted format:
https://www.myshoppingsite.com/formsubmit.ext?a=2
The following URL will send unencrypted data:
http://www.myshoppingsite.com/formsubmit.ext?a=2
|
SSL = RSA @ Application layerThe Pubic/Private key method, as seen in the popular program PGP (Pretty Good Privacy), is often used for electronic mail. The private key is kept secret, while the public key is distributed for unlocks. To use PGP, you encrypt with the private key, and the receiving person unlocks with the public key. PGP includes a time/date stamp and checks for tampering. Because of its ability to detect tampering, many people who wish to make sure their message gets to intended receivers unaltered will use PGP or another public key encryption technology to distribute the message.
|
| |||||||||||||||||||
Home - Table Of Contents - Contact Us
CertiGuide for Network+ (http://www.CertiGuide.com/netplus/) on CertiGuide.com
Version 1.0 - Version Date: November 7, 2004
Adapted with permission from a work created by Tcat Houser and Helen O’Boyle.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.