Encryption Technology Overview

When prominent Internet sites, such as www.cnn.com, are exposed to security threats, the news reaches all parts of the globe. Ensuring that data crossing any IP network is protected from such threats is one of today's most challenging topics in IP networking (so much so that Cisco released an entirely new CCIE certification track).

Major problems for network administrators include the following:

• Packet snooping (eavesdropping)—When intruders capture and decode traffic, obtaining usernames, passwords, and sensitive data, such as the year's salary increases

• Theft of data—When intruders use sniffers, for example, to capture data crossing the network and keep that information for later use

• Impersonation—When an intruder assumes the identity of a legitimate device (or user) and is accepted as such by the other party

The answer to these and numerous similar problems is to apply cryptography to IP traffic, giving network administrators a way to ensure that data crossing the network is confidential (an eavesdropper learns nothing useful from captured packets), authenticated (the receiver knows which device sent it), and intact (any modification in transit is detected). Cryptography does not make data immune to every attack; traffic volume, timing, and a compromised endpoint remain exposed. What it does is remove everything a packet sniffer has to work with.

Encryption is defined as the process by which plaintext is converted into ciphertext, a scrambled form produced by a defined algorithm under a key, so that only the intended recipient(s), who hold the correct key, can recover the data. Encryption by itself provides confidentiality. Integrity and authentication come from companion mechanisms, such as message authentication codes, digital signatures, or an authenticated encryption mode that builds them in, which is why the three are normally deployed together.

Figure 5-7 displays the basic methodology behind data encryption.

Figure 5-7 Encryption Methodologies

Data is encrypted and is readable only when decrypted with the correct key.

Figure 5-7 demonstrates the basic principles of data encryption, including the following:

Step 1 User data is forwarded over the network.

Step 2 Data (clear text) is modified according to a key. A key is a string of bits that parameterizes the encryption and decryption operations; the algorithm itself is public, and the key is what must be protected. Typically, each device holds three keys:

— A private key used to sign messages; it is kept secret and never shared

— A public key, the mate of the private key, that is distributed to others so they can verify the device's signatures

— A shared secret key, known to both communicating devices, that is used to encrypt the data with a symmetric encryption algorithm, such as DES or its modern replacement, AES

Step 3 A mathematical formula (the cipher algorithm) is applied to scramble the data. In Figure 5-7, this happens as part of Step 2.

Step 4 The data flows through the network and can be decrypted only by a party that applies the correct key.
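The four steps above, carried through in working code. This is an added example, not code from the book or from Cisco IOS: it uses AES-256 in GCM mode from the Go standard library in place of DES, and the shared secret key of Step 2 is simply drawn at random here rather than negotiated between the two devices. The names NewKey, Encrypt and Decrypt and the sample message are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// keySize is the AES-256 key length in bytes. The key plays the part of the
// "shared secret key" in Step 2; here it is generated locally (an assumption
// of this example) instead of being agreed with the peer.
const keySize = 32

// NewKey draws a fresh random 256-bit symmetric key.
func NewKey() ([]byte, error) {
	key := make([]byte, keySize)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// Encrypt scrambles plaintext with AES-256-GCM under key (Steps 2 and 3).
// The output is nonce || ciphertext || tag. GCM is an authenticated mode:
// the tag binds the ciphertext to the key, so a wrong key or a packet
// modified in transit is rejected at decryption instead of yielding garbage.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A nonce must never repeat under the same key. Random is fine for a
	// demonstration; a counter is the usual choice on a real link.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt (Step 4). It returns an error unless the same
// key was used and the packet arrived intact.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("packet too short to hold a nonce")
	}
	nonce, ciphertext := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample of the kind of data a packet sniffer is after.
	msg := []byte("salary increase: 12% for jsmith")
	sealed, err := Encrypt(key, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("on the wire (%d bytes): %x\n", len(sealed), sealed)
	fmt.Println("sniffer sees the word 'salary':", bytes.Contains(sealed, []byte("salary")))

	got, err := Decrypt(key, sealed)
	fmt.Printf("correct key: %q, err=%v\n", got, err)

	wrong, _ := NewKey()
	_, err = Decrypt(wrong, sealed)
	fmt.Println("wrong key:", err)

	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag in transit
	_, err = Decrypt(key, sealed)
	fmt.Println("tampered packet:", err)
}
```

The wrong-key and tampered-packet cases both fail with an authentication error rather than producing scrambled output, which is the property a plain DES-CBC link lacks: there, a wrong key silently yields garbage and a flipped ciphertext bit is never noticed.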

Encryption can take place at the application layer, the network layer, or the data link layer. Be aware of the following encryption technologies for the written exam:

• Data Encryption Standard (DES)

Cisco IOS routers support the following industry standards to accomplish network layer encryption:

• Digital Signature Standard (DSS)

• Diffie-Hellman exchange
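How the two standards in that list work together, and how the private and public keys of Step 2 are used, as an added example that is not code from the book or from Cisco IOS. Ed25519 plays the role DSS plays in the list (a public-key signature) and X25519 the role of Diffie-Hellman (key agreement over an elliptic curve), both from the Go standard library; the Device and Hello types, and the use of SHA-256 as a stand-in key derivation function, are assumptions of this example. Each side sends its Diffie-Hellman public value signed with its private key, verifies the peer's value with the peer's public key, and derives the same shared secret key. An attacker who only watched the exchange, or who tries to substitute her own value without the peer's private key, gets nothing.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device models one router (an assumed type for this example). The signing
// key pair is long lived: the private half never leaves the device, the
// public half is handed to peers out of band. The Diffie-Hellman key pair is
// generated fresh for each exchange.
type Device struct {
	Name     string
	signPriv ed25519.PrivateKey
	SignPub  ed25519.PublicKey
	dhPriv   *ecdh.PrivateKey
}

func NewDevice(name string) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	dh, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{Name: name, signPriv: priv, SignPub: pub, dhPriv: dh}, nil
}

// Hello is the one message each side sends: its Diffie-Hellman public value
// and a signature over that value under its private signing key. Everything
// in it is public; an eavesdropper is assumed to see both Hellos.
type Hello struct {
	DHPub []byte
	Sig   []byte
}

func (d *Device) Hello() Hello {
	pub := d.dhPriv.PublicKey().Bytes()
	return Hello{DHPub: pub, Sig: ed25519.Sign(d.signPriv, pub)}
}

// SharedKey checks that the peer's Hello was signed by the device whose
// public signing key we trust (this is what defeats impersonation), then
// combines our Diffie-Hellman private value with the peer's public value.
// Both ends compute the same secret; nobody who saw only the two Hellos can.
// SHA-256 stands in for a real key derivation function.
func (d *Device) SharedKey(peerSignPub ed25519.PublicKey, h Hello) ([]byte, error) {
	if !ed25519.Verify(peerSignPub, h.DHPub, h.Sig) {
		return nil, errors.New("hello is not signed by the expected peer")
	}
	peerPub, err := ecdh.X25519().NewPublicKey(h.DHPub)
	if err != nil {
		return nil, err
	}
	secret, err := d.dhPriv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	return key[:], nil
}

func main() {
	alice, _ := NewDevice("alice")
	bob, _ := NewDevice("bob")
	mallory, _ := NewDevice("mallory")

	// Public signing keys were distributed beforehand; only the Hellos cross the wire now.
	keyA, errA := alice.SharedKey(bob.SignPub, bob.Hello())
	keyB, errB := bob.SharedKey(alice.SignPub, alice.Hello())
	fmt.Println("both sides agree:", errA == nil && errB == nil && bytes.Equal(keyA, keyB))

	// Mallory tries to stand in for Bob. She can produce a Diffie-Hellman
	// value of her own but cannot sign it with Bob's private key.
	_, err := alice.SharedKey(bob.SignPub, mallory.Hello())
	fmt.Println("impersonation attempt:", err)

	// Nor can she splice Bob's genuine signature onto her own value.
	forged := Hello{DHPub: mallory.Hello().DHPub, Sig: bob.Hello().Sig}
	_, err = alice.SharedKey(bob.SignPub, forged)
	fmt.Println("spliced signature:", err)
}
```

Without the signature check, the exchange is plain Diffie-Hellman, and an attacker in the path can run one exchange with each end and relay between them, which is the impersonation problem from the list above. Real key-exchange protocols also have the signature cover a nonce and the peer's identity, so that a captured Hello cannot be replayed later.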
