Performance Requirements in a Firewall and IPSec

High performance in a firewall is critical. This is driven not only by your end user community, but by some of the applications people plan to use. Today’s performance is being driven by the new technologies.

For instance, some of the multimedia applications like video or audio over the Internet require a high performance firewall.

In the future, as new business applications continue to place increasing demands on networks, performance of your security system will be a critical success factor.

Integrity—Privacy

Next let’s look at some of the different privacy requirements people might have. So following are some of the different methodologies that used to ensure privacy on the network.

   – VPNs IPSec, IKE, encryption, DES, 3DES, digital certificates, CET, CEP

Encryption and Decryption

Encryption is the masking of secret or sensitive information such that only an authorized party may view (or decrypt) it.
Encryption and authentication controls can be implemented at several layers in your computing infrastructure.

Encryption can be performed at the application layer by specific applications at client workstations and serving hosts. This has the advantage of operating on a complete end-to-end basis, but not all applications support encryption and it is usually subject to being evoked by individual users, so it is not reliable from a network administrator’s perspective.

Encryption can also be performed at the network layer by general networking devices for specific protocols. This has the advantage of operating transparently between subnet boundaries and being reliably enforceable from a network administrator’s perspective. 
Finally, encryption can be performed at the link layer by specific encryption devices for a given media or interface type. This has the advantage of being protocol independent, but has to be performed on a link-by-link basis. 

Institutions such as the military have been using link-level encryption for years. With this scheme, every communications link is protected with a pair of encrypting devices-one on each end of the link. While this system provides excellent data protection, it is quite difficult to provision and manage. It also requires that each end of every link in the network is secure, because the data is in clear text at these points. Of course, this scheme doesn’t work at all in the Internet, where possibly none of the intermediate links are accessible to you or trusted.

What Is IPSec?

IPSec provides network layer encryption. IPSec is a framework of open standards for ensuring secure private communications over the Internet. Based on standards developed by the IETF, IPSec ensures confidentiality, integrity, and authenticity of data communications across a public network. IPSec provides a necessary component of a standards-based, flexible solution for deploying a network-wide security policy.

Privacy, integrity and authenticity technologies protect information transfer across links with network encryption, digital certification, and device authentication. Some of the benefits that you get from these are privacy, integrity, and authenticity for network commerce. Implemented transparently in the network infrastructure.

In other words, you can just set it up at the router level or the level that makes sense to you, and your users don’t necessarily have to know that they’re implementing IPSec.

You can just define all of the transactions between my company and this company that happens between, say, ordering and manufacturing that is going to across IPSec and other traffic will not. It’s an end-to-end security solution that’s going to incorporate routers, firewalls, PCs and servers.

IPSec Everywhere!

IPSec can be in any device with an IPStack, as shown in the picture. This is an important point, as customers can deploy IPSec where they are most comfortable:

On the gateway/router: Much easier to install and manage, as only dealing with a limited set of devices. The network infrastructure provides the security.

On the host/server. Best end-to-end security, but the hardest to install and manage. Good for applications that really need this level of control.

Like this post? Please share to your friends:
Computer Network Tutorial
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: