Encryption products for networks can work at many levels, and it is not an easy thing to determine just what techniques you may wish to employ in any given part. In this briefing, we outline the basic capabilities, terminology, and software products available to protect your data from prying eyes.
Each CrossNodes Product Briefing provides an overview of what you need to know before purchasing a specific technology, and include round-up listings of current products from each of the major vendors.
Technology writers and editors take every conceivable opportunity to remind Web-boomers that "everything old is new again". Cryptography has its roots in the first part of the 16th century when the first treatise on the subject was published. Since then virtually every school child has used basic cryptography as a childhood game where a=1, b=2, c=3 and so on.
Cryptography is converting data (or "plaintext") into a secret code for transmission. An encryption algorithm codes the original text into "ciphertext". Once transmitted, the text is decoded (decrypted) back to the original text. The concept is simple as child's play and often is. Modern data encryption is not so simple but an extremely effective security tool. Network managers can choose from sophisticated encryption protection for enterprise or network data as well as lower ended products that will protect Internet transmissions.
Encryption products for networks can be used at several levels and provide a variety of functions. The following list details some product functionally terms:
- Encrypts directory level -- allows users to encrypt a specific directory and any subdirectories that reside below that directory.
- Encrypts folder level -- permits users to encrypt a folder (subdirectory) and any directories below the specified target.
- Encrypts individual files -- enables the encryption of specific files without encrypting other files in the directory.
- Encrypts multiple files -- provides the ability to encrypt multiple files with a single command.
- Disk locking -- encrypts the disk subsystem securing it from outside access by unauthorized users.
- Screen lock feature -- prevents users who do not have the proper keys from entering data to a screen.
- Locks PC/Boot lock -- requires authorization before a user can start the PC.
- Supports public key encryption -- uses an encryption key that is available to the public. The receiving system must know which key is being used in order to decipher the message.
- Supports private key encryption -- implements an encryption key that is available only to that network. Two systems must use the same key to establish data transfers.
- Audit log of access attempts -- maintains a record of all accesses to the system files and data transfers.
Up until a year ago, encryption technology was at a crossroads. U.S. Government regulations limited encryption developers that wanted to export their product, to keys that were 40-bits or smaller unless they had a special permit. This effectively precluded U.S. vendors from competing in international markets. As a result, other countries had created their own encryption methods, and a worldwide standard did not exist. This obviously hurt the growth of a global market, especially in areas like the Internet.
As Congress and the encryption industry debated changes to the U.S. regulations and advances in encryption implementation, federal law enforcement agencies had requested a law to require users to register all keys used in encryption.
In July of 2000, the Clinton administration updated its policies to allow U.S. companies to export encryption products to the 15 members of the European Union (EU) and other European and Pacific Rim allies without a license. Exporters no longer had to undergo a 30-day technical review for shipments to these countries. That coincided with regulations adopted by the EU that eased encryption experts to the same countries.
For additional information on encryption products read Crossnodes Briefing: Encryption, or try the following keywords in your web searches:
- digital signature
- digital certificate
- data security
Vendor listings follow on next page:
Vendor: Applied Software, Inc.
Vendor: Certicom, Inc.
Product: Security Builder
OS(s): Win 95, 98, 2000, NT, ME, CE; Solaris; HP-UX; AIX; Linux
Vendor: Computer Associates, Inc.
Product: eTrust Encryption
OS(s): Win 95, 98, NT; Solaris
OS(s): Win 95, 98, NT
Vendor: Cylink Corp.
Product: Cylink Encryptor Family
OS(s): Win 95, 98, 2000, NT
Vendor: Fortress Technologies
Product: NetFortress Classic
OS(s): Win 95, 98, 2000, NT
Vendor: PC Guardian
Product: Encryption Plus Family
OS(s): Win 95, 98, 2000, NT, ME
Vendor: PGP Security
Product: PGPdisk Encryption
OS(s): Win 98, 2000, NT, ME
Vendor: RSA Security
Product: BSafe Crypto Family
OS(s): Win 98, 2000, NT; Solaris; HP-UX; AIX; Linux