Electronic Design

  


[Technology Report]
Cryptochips Help Eliminate The Security Bottleneck

Louis E. Frenzel  |   ED Online ID #3067  |   March 17, 2003


Hackers truly are hyper to steal your sensitive data. Terrorists wish to bring your network to its knees. Ticked-off employees seek cyber revenge. Whacko grad students are eager to test out their latest diabolical virus. Sound paranoid? Not necessarily. Real, mounting threats are invading the Internet.

As the Internet has evolved, security has turned into priority number one. Although security measures have significantly grown, too many organizations and individuals still ignore it or pay it lip service because it's very complex and expensive to implement. Unfortunately, security is no longer just an option.

Security is still mostly implemented in software in the form of firewalls, authentication, encryption, and other techniques. But increasing network speeds have created an explosion of virtual private networks (VPNs), and the ballooning number of e-commerce transactions has left software lagging speed-wise. Software also is "hackable."

Furthermore, the homeland security push has focused all computer users on securing their local-area networks (LANs), intranets, and Internet connections, as well as their storage-area networks (SANs). Thanks to a new batch of security ICs, security protocols and encryption are now easier to build into secure Web servers, routers, Secure Socket Layer (SSL) accelerator cards, SSL accelerator appliances, load balancers, VPN gateways, layer 4 to 7 switches, and other networking equipment to end the security bottleneck.

HOW INTERNET SECURITY WORKS
The two basic types of secure Internet communications are VPNs and e-commerce transactions. VPNs connect LANs at remote facilities or branch offices via the Internet. Direct connections are too expensive, but the Internet can be used to make these interconnections through a VPN. Thus, it will appear that the LANs are one.

VPN security is handled today by the IPsec protocol, an Internet Engineering Task Force (IETF) standard that creates a secure "tunnel" through the Internet. The protocol operates at the network layer (layer 3) of the seven-layer Open Systems Interconnection (OSI) networking model. It employs standard private key bulk encryption methods, such as the Data Encryption Standard (DES), Triple-DES (3DES), the Advanced Encryption Standard (AES), and RC4, as well as the popular authentication algorithms MD5 and SHA-1. The primary feature of IPsec VPN connections is a minimum number of interconnections and large volumes of data.

The other type of Internet connection enables purchases and personal transactions via the Internet. An enormous number of these transactions occurs daily, and all e-commerce Web sites where purchases are made must incorporate security to protect your credit card number, password, Social Security number, and other private information. Such sessions are handled by the SSL protocol, another IETF standard. Originally developed by Netscape for its browser, SSL is now incorporated into every browser and all e-commerce servers.

Gradually replacing SSL is an upgraded version called Transport Layer Security (TLS). SSL/TLS operates in the session, presentation, or application layers (layers 5, 6, 7) of the OSI model. It performs public key exchange with the RSA algorithm, then turns to RC4, AES, or 3DES for the bulk data encryption, along with the MD5 authentication method.

E-commerce transactions are characterized by an enormous number of sessions with customers and clients where very little data actually changes hands. The process that sets up a transaction, called handshaking, is enormously complex and time consuming. An e-commerce server can handle a few hundred of these transactions per second. But as line rates and the number of transactions increase, a server can quickly be overloaded, greatly lengthening the time it takes to set up and process a session.
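The contrast between the two traffic profiles can be measured directly. The following is an added example, not code from the article: it times one 1024-bit modular exponentiation (the server's RSA step in a handshake) against per-byte SHA-1 cost, then computes what fraction of per-session CPU time goes to the handshake. The session sizes (4 KiB and 1 GiB), the key size, and the use of SHA-1 alone as a stand-in for bulk work are assumptions.

```python
import hashlib
import secrets
import time

# Constructed stand-ins: a random odd 1024-bit modulus and a 1024-bit exponent
# cost the same to exponentiate as a real RSA private key of that size (no CRT).
BITS = 1024
N = secrets.randbits(BITS) | (1 << (BITS - 1)) | 1
D = secrets.randbits(BITS) | (1 << (BITS - 1))

def rsa_private_op_seconds(trials=20):
    """Average wall time of one modular exponentiation c^D mod N."""
    c = secrets.randbits(BITS - 1)
    start = time.perf_counter()
    for _ in range(trials):
        pow(c, D, N)
    return (time.perf_counter() - start) / trials

def bulk_seconds_per_byte(chunk=1 << 20, rounds=8):
    """Average per-byte cost of SHA-1 over 1 MiB chunks.
    The cipher is not in the standard library, so bulk cost is understated."""
    data = bytes(chunk)
    start = time.perf_counter()
    for _ in range(rounds):
        hashlib.sha1(data).digest()
    return (time.perf_counter() - start) / (chunk * rounds)

def handshake_share(bytes_per_session, t_rsa, t_byte):
    """Fraction of per-session CPU time spent on the public-key step."""
    return t_rsa / (t_rsa + bytes_per_session * t_byte)

def profile():
    t_rsa, t_byte = rsa_private_op_seconds(), bulk_seconds_per_byte()
    return {
        "handshakes_per_sec": 1.0 / t_rsa,
        # Assumed sizes: a 4 KiB order form versus a 1 GiB site-to-site transfer.
        "ecommerce_share": handshake_share(4 * 1024, t_rsa, t_byte),
        "vpn_share": handshake_share(1 << 30, t_rsa, t_byte),
    }

if __name__ == "__main__":
    for name, value in profile().items():
        print(f"{name}: {value:.4g}")
```

Absolute numbers depend on the machine and interpreter; the point is the ratio between the short-session and long-session profiles.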

