Building robust, secure, and
scalable networks, capable of supporting E-business, can always be a challenge.
Protecting the privacy of the data exchanged between the communicating E-commerce parties
(applications, customers, corporate sites, etc.) over the public Internet is an essential
component of any E-commerce network.

Chris Metz,
IP technology consultant, IBM Corp., was in New Delhi and participated in a seminar
"IP Technologies and Solutions for E-business network." In an interview with
Satya Prakash Singh, Metz spoke on the reliability and security aspects of the E-business
networks. Excerpts ...

How do you define Internet security? What are the
different manifestations of Internet security?

Internet security can be defined as the
suite of tools, mechanisms, protocols, and platforms that enable applications to end-users
and businesses to communicate in a secure manner over the public Internet (or corporate
intranet), and be confident that their information, if necessary, will be protected
against unauthorized access. Internet security can take on many different forms: firewalls
that block unauthorized parties from entering a network, IP Security (IPsec) that defines
a special security header for each packet, and the various types of application-specific
security tools (e.g., Pretty Good Privacy, and Secure HTTP) are just some examples.

Growth in Internet and E-commerce will attract hackers,
spoofers, and other unscrupulous characters. How can the network carrying
business-critical data be protected?

Protection of critical data will always be
a challenge. But, one of the most important things that the Internet community can do is
to continue to develop and introduce flexible security standards that augment what is
already in place. IPsec is a perfect example. It does not necessarily replace the other
security tools that are effective in their own right but rather complement them by
providing cryptographically strong security at the IP layer.

Which are the key encryption technologies that will change
the way business is conducted over the public Net and in private intranets?

Public Key cryptography requires a trusted third
party (Certificate Authority) to manage the distribution of public keys to the respective
end-users. This particular service along with the use of digital certificates will be
needed as a means of authenticating prospective parties that wish to communicate in a
secure manner. Their very existence will facilitate broader acceptance and use of network
security.

What are the flaws in the existing protocols? And how are
the emerging technologies going to tackle those issues?

IPsec is a sound solution and it provides
security on a per IP packet basis. However, as with any emerging Internet standard, it
will take some time for the end-user communities to adopt and implement these capabilities
and, at the same time, the vendor communities have to make it as simple and cost-effective
for the end-users. In addition, there is the scaling issue that seems to arise with any
widely deployed Internet technology. The Internet Key Exchange (IKE) that the IETF IPsec
working group is working on will address both the simplicity and scaling questions by
enabling IPsec "secure channels" to be dynamically established over insecure
networks (public Internet, for example). This will vastly reduce the current requirement
to manually configure the end-points of an IPsec secure channel.

You have endorsed IPsec technology for the secure
Internet. What are the advantages it has over other technologies? How can it ensure secure
transactions?

IPsec possesses several unique and
interesting properties that any network provider will find useful. First, it protects the
contents of each packet no matter where the packet has travelled on the journey from the
source to the destination. Second, a number of different secure channel granularities are
supported ranging from host-to-host traffic to network-to-network traffic. And third,
IPsec can be flexibly deployed on hosts, firewalls, routers, and other devices.

You have stated that corporate networks must work with and
through VPN. How is VPN critical for corporate networks in the context of security?

Virtual Private Network (VPN) is a logical
network overlaid on top of the public Internet and available to a closed set of end-users
and applications. For the notion of a VPN to exist, the multiple sites of a VPN must be
connected by secure communication links. IPsec is the technology that enables one to build
and manage secure links over the public Internet. Therefore, using the public Internet as
a backbone network transport will enable businesses to dramatically lower their network
costs and facilitate broader electronic communications.

Do the differentiated services help in enhancing the
security level of a network?

Differentiated Services (DiffServ) is an emerging
standard that will support different classes of services over IP-based networks. One can
envision how DiffServ can complement IPsec. For example, it is possible now to prioritize
classes of traffic that are flowing over IPsec-built VPN links.

There are a plethora of web security protocol options available to the end-users.
Which one do you feel will dominate eventually and why?

Secure Sockets
Layer (SSL) is quite common today and is transparent to the end-user. Another option is
secure HTTP (S-HTTP) but that requires that the end-user type in a special URL (https://).
Web security will continue to evolve along the lines of end-user transparency.
Contributing along similar lines may be proxy servers that could provide additional
security services for a set of web clients.