Advertisment

"Protection of Critical Data Will Always Be a Challenge"

author-image
VoicenData Bureau
New Update

alt="https://img-cdn.thepublive.com/filters:format(webp)/vnd/media/post_attachments/331223dfcafb5ca43618f3fef126e0c70ed1c25c63389e90ee31223a53b20794.gif (24278 bytes)" align="right">

Building robust, secure, and

scaleable networks, capable of supporting E-business, can always be a challenge.

Protecting the privacy of the data exchanged between the communicating E-commerce parties

(applications, customers, corporate sites, etc.) over the public Internet is an essential

component of any E-commerce network.
size="1" COLOR="#016077">Chris Metz,

IP technology consultant, IBM Corp., was in New Delhi and participated in a seminar

"IP Technologies and Solutions for E-business network." In an interview with size="1">Satya Prakash Singh COLOR="#000000">, Metz spoke on the reliability and security aspects of the E-business

networks. Excerpts ...

Advertisment

 

How do you define Internet security? What are the

different manifestations of Internet security?
COLOR="#000000">

Internet security can be defined as the

suite of tools, mechanisms, protocols, and platforms that enable applications to end-users

and businesses to communicate in a secure manner over the public Internet (or corporate

intranet), and be confident that their information, if necessary, will be protected

against unauthorized access. Internet security can take on many different forms: firewalls

that block unauthorized parties from entering a network, IP Security (IPsec) that defines

a special security header for each packet, and the various types of application-specific

security tools (e.g., Pretty Good Privacy, and Secure HTTP) are just some examples.
SIZE="2" COLOR="#016077">

Advertisment

Growth in Internet and E-commerce will attract hackers,

spoofers, and other unscrupulous characters. How can the network carrying

business-critical data be protected?

Protection of critical data will always be

a challenge. But, one of the most important things that the Internet community can do is

to continue to develop and introduce flexible security standards that augment what is

already in place. IPsec is a perfect example. It does not necessarily replace the other

security tools that are effective in their own right but rather compliment them by

providing cryptographically strong security at the IP layer.
COLOR="#016077">

Which are the key encryption technologies that will change

the way business is conducted over the public Net and in private intranets?
SIZE="2" COLOR="#000000">

Advertisment

Key cryptography requires a trusted third

party (Certificate Authority) to manage the distribution of public keys to the respective

end-users. This particular service along with the use of digital certificates will be

needed as a means of authenticating prospective parties that wish to communicate in a

secure manner. Their very existence will facilitate broader acceptance and use of network

security.

What are the flaws in the existing protocols? And how are

the emerging technologies going to tackle those issues?
COLOR="#000000">

face="Times New Roman">



IPsec is the technology that enables one to build and manage secure links over the public
Internet.




Advertisment

IPsec is a sound solution and it provides

security on a per IP packet basis. However, as with any emerging Internet standard, it

will take some time for the end-user communities to adopt and implement these capabilities

and, at the same time, the vendor communities have to make it as simple and cost-effective

for the end-users. In addition, there is the scaling issue that seems to arise with any

widely deployed Internet technology. The Internet Key Exchange (IKE) that the IETF IPsec

working group is working on will address both the simplicity and scaling questions by

enabling IPsec "secure channels" to be dynamically established over insecure

networks (public Internet, for example). This will vastly reduce the current requirement

to manually configure the end-points of an IPsec secure channel.
SIZE="2" COLOR="#016077">

You have endorsed IPsec technology for the secure

Internet. What are the advantages it has over other technologies? How can it ensure secure

transactions?

IPsec possesses several unique and

interesting properties that any network provider will find useful. First, it protects the

contents of each packet no matter where the packet has travelled on the journey from the

source to the destination. Second, a number of different secure channel granularities are

supported ranging from host-to-host traffic to network-to-network traffic. And third,

IPsec can be flexibly deployed on hosts, firewalls, routers, and other devices.
SIZE="2" COLOR="#016077">

Advertisment

You have stated that corporate networks must work with and

through VPN. How is VPN critical for corporate networks in the context of security?
SIZE="2" COLOR="#000000">

Virtual Private Network (VPN) is a logical

network overlaid on top of the public Internet and available to a closed set of end-users

and applications. For the notion of a VPN to exist, the multiple sites of a VPN must be

connected by secure communication links. IPsec is the technology that enables one to build

and manage secure links over the public Internet. Therefore, using the public Internet as

a backbone network transport will enable businesses to dramatically lower their network

costs and facilitate broader electronic communications.
COLOR="#016077">

Do the differentiated services help in enhancing the

security level of a network?

Advertisment

Services (DiffServ) is an emerging

standard that will support different classes of services over IP-based networks. One can

envision how DiffServ can compliment IPsec. For example, it is possible now to prioritize

classes of traffic that are flowing over IPsec-built VPN links. There are a plethora of

web security protocol options available to the end-users.
COLOR="#016077">

Which one do you feel dominate eventually and why? SIZE="2" COLOR="#000000">

Sockets

Layer (SSL) is quite common today and is transparent to the end-user. Another option is

secure HTTP (S-HTTP) but that requires that the end-user type in a special URL (https://).

Web security will continue to evolve along the lines of end-user transparency.

Contributing along similar lines may be proxy servers that could provide additional

security services for a set of web clients.

Advertisment