Using Encryption Today
Encryption offers the ability to protect data and authenticate Internet
traffic. Encrypted data cannot be disclosed or modified without the appropriate
key, and messages can be digitally signed to provide authenticity.
The science of cryptology is an arcane and complex art, best left to experts.
Within the last year, we have seen Netscape stumble when it used a predictable
random-number generator for creating keys. More recently, Kerberos version
4 was found to have a similar problem; session keys could be guessed by
using about two minutes of compute time.
You can successfully leverage encryption today by using firewall products
that support it. The way firewall encryption generally works is that you
configure the firewall to recognize addresses of other firewalls that support
similar encryption. You probably will have to provide keys for each of the
remote sites you want to use encryption with, which makes today's interfaces
clunky and unmanageable for large networks; using symmetric keys means you
will need (n-1) factorial keys to support n sites.
Among the firewall vendors including encryption today are Checkpoint, Raptor,
Sun, TIS and V-One. Other vendors sell encryption as an option, and many
router vendors, including Cisco, Digital, Livingston Enterprises, Morning
Star Technologies and Network Systems, also can provide encrypting tunnels.
When choosing a vendor that offers encryption capabilities, look for support
of standards. While there are only proposals for automatic key exchange
mechanisms today, there are standard algorithms for encryption, including
DES, DES3, IDEA, RC2 and RC4. Avoid proprietary encryption algorithms, which
will let you talk only to the same vendor's products. What's more,
proprietary algorithms haven't stood the test of public scrutiny and may
have undiscovered failings.