Using Encryption Today

Encryption offers the ability to protect data and authenticate Internet traffic. Encrypted data cannot be disclosed or modified without the appropriate key, and messages can be digitally signed to provide authenticity.

The science of cryptology is an arcane and complex art, best left to experts. Within the last year, we have seen Netscape stumble when it used a predictable random-number generator for creating keys. More recently, Kerberos version 4 was found to have a similar problem; session keys could be guessed by using about two minutes of compute time.

You can successfully leverage encryption today by using firewall products that support it. Firewall encryption generally works like this: you configure the firewall to recognize the addresses of other firewalls that support compatible encryption. You probably will have to provide keys for each of the remote sites you want to use encryption with, which makes today's interfaces clunky and unmanageable for large networks; using symmetric keys means you will need (n-1) factorial keys to support n sites.
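The per-peer keying burden described above is easiest to see with a small key ring. The Python below is an added example, not code from the article or from any of the firewall products it names; the site names and the 16-byte key length are constructed for illustration. It keeps one secret per unordered pair of sites (n(n-1)/2 keys for n sites), so every new site requires a fresh key to be generated and delivered out of band to each existing peer, which is exactly the manual provisioning that becomes unmanageable as the network grows.

```python
import os

KEY_BYTES = 16  # constructed key length for the example; real products vary


class PairwiseKeyRing:
    """One shared secret per unordered pair of sites (added illustration).

    Models the manual, per-peer symmetric keying the article describes:
    each tunnel between two firewalls needs its own pre-shared key.
    """

    def __init__(self, sites):
        self.sites = []
        self.keys = {}
        for site in sites:
            self.add_site(site)

    def add_site(self, site):
        """Add a site and return the peers that must each receive a new key.

        Every existing site needs a distinct key for the new tunnel, so the
        list returned is the out-of-band delivery work the new site creates.
        """
        if site in self.sites:
            raise ValueError(f"site {site!r} already present")
        peers_to_provision = []
        for peer in self.sites:
            pair = frozenset((site, peer))
            # Keys come from OS entropy, not from a predictable seed.
            self.keys[pair] = os.urandom(KEY_BYTES)
            peers_to_provision.append(peer)
        self.sites.append(site)
        return peers_to_provision

    def key_for(self, a, b):
        """Look up the shared key for a tunnel between two sites, in either order."""
        if a == b:
            raise ValueError("a site needs no key to itself")
        return self.keys[frozenset((a, b))]

    def key_count(self):
        """Number of distinct keys currently held."""
        return len(self.keys)


def keys_needed(n):
    """Pairwise symmetric keys for n sites: one per unordered pair."""
    return n * (n - 1) // 2


if __name__ == "__main__":
    # Constructed site names for a five-site network.
    ring = PairwiseKeyRing(["hq", "branch-a", "branch-b", "branch-c", "branch-d"])
    print(f"{len(ring.sites)} sites -> {ring.key_count()} keys")
    new_peers = ring.add_site("branch-e")
    print(f"adding one site meant delivering {len(new_peers)} new keys")
    for n in (5, 10, 50, 100):
        print(f"{n:4d} sites need {keys_needed(n):5d} keys")
```

Each `add_site` call returns the peers that must be re-provisioned, which is the cost a firewall administrator pays by hand in the interfaces the article describes; automatic key exchange removes that step, which is why standards support for it matters when choosing a product.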

Among the firewall vendors including encryption today are Checkpoint, Raptor, Sun, TIS and V-One. Other vendors sell encryption as an option, and many router vendors, including Cisco, Digital, Livingston Enterprises, Morning Star Technologies and Network Systems, also can provide encrypting tunnels.

When choosing a vendor that offers encryption capabilities, look for support of standards. While there are only proposals for automatic key exchange mechanisms today, there are standard algorithms for encryption, including DES, DES3, IDEA, RC2 and RC4. Avoid proprietary encryption algorithms, which will only let you interoperate with the same vendor's products. What's more, proprietary algorithms haven't stood the test of public scrutiny and may have undiscovered failings.