HP SuperStack Firewall Series User Manual, Page 187

Virtual Private Network Services 187
communications can range in length, but are typically 16 or 32
characters. The longer the key, the more difficult it is to break the
encryption. The reason for this is that most methods used to break
encryption involve trying every possible combination of characters,
similar to trying to open a safe when the combination is not known.
Asymmetric vs. Symmetric Cryptography
Asymmetric and symmetric cryptography refer to the keys used to
authenticate, or encrypt and decrypt the data.
Asymmetric cryptography does not use the same key to verify the
data. Asymmetric cryptography is often referred to as public key
cryptography. With public key, each user gets a pair of keys, one called
the public key and the other called the private key. The private key is
always linked mathematically to the public key and must be kept secret. All
communications involve only public keys; the private key is never
transmitted or shared, but used to decrypt the message. A user can
generate their own keys using key generation software, or have keys
generated by trusted organizations. Once a key has been generated,
the user must register his or her public key with a central
administration, called a Certifying Authority (CA). Organizations, such
as RSA Data Security and Verisign, can help users issue and register
key pairs.
The Firewall VPN uses Symmetric Cryptography. As a result, the key on
both ends of the VPN tunnel must match exactly.
Authentication Header (AH)
The Authentication Header is a mechanism for providing strong
integrity and authentication for IP packets. Confidentiality and
protection from traffic analysis are not provided by the Authentication
Header.
The IP Authentication Header provides security by adding
authentication information to an IP packet. This authentication
information is calculated using all header and payload data in the IP
packet. This provides significantly more security than is currently
present in IP.
Use of AH will increase the processing requirements in the Firewall and
will also increase the communication latency. The increased latency is
primarily due to the calculation and comparison of the authentication
data by the receiver for each IP packet containing an Authentication
Header.
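
The sender and receiver calculation described above, as an added Python illustration that is not part of the manual: a simplified model of the AH integrity check with a shared symmetric key. HMAC-SHA1-96, the addresses, the keys and the payload are constructed assumptions; zeroing TTL and the other in-transit fields follows the IPsec AH specification rather than this page, and the AH header's own fields are left out of the model.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumed HMAC-SHA1-96: digest truncated to 96 bits


def ipv4_header(src, dst, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header, protocol 51 (AH), checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, 51, 0, bytes(src), bytes(dst))


def zero_mutable(header):
    """Zero the fields routers may change: TOS, flags/offset, TTL, checksum."""
    h = bytearray(header)
    h[1] = 0
    h[6:8] = h[10:12] = b"\x00\x00"
    h[8] = 0
    return bytes(h)


def compute_icv(key, header, payload):
    """Sender side: keyed hash over the header and the payload."""
    mac = hmac.new(key, zero_mutable(header) + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]


def verify(key, header, payload, icv):
    """Receiver side: recompute with its own key, compare in constant time."""
    return hmac.compare_digest(compute_icv(key, header, payload), icv)


# Constructed sample data (documentation addresses, made-up keys).
KEY_A = b"0123456789abcdef"   # 16-character key on the sending firewall
KEY_B = b"0123456789abcdeF"   # peer key that differs in one character
PAYLOAD = b"GET /payroll HTTP/1.0\r\n\r\n"  # travels in cleartext under AH
HDR = ipv4_header([192, 0, 2, 1], [198, 51, 100, 7], len(PAYLOAD))
ICV = compute_icv(KEY_A, HDR, PAYLOAD)
HDR_HOP = HDR[:8] + bytes([63]) + HDR[9:]           # TTL decremented by a router
HDR_SPOOF = HDR[:12] + bytes([203, 0, 113, 9]) + HDR[16:]  # source address altered

if __name__ == "__main__":
    print("matching key:    ", verify(KEY_A, HDR, PAYLOAD, ICV))
    print("mismatched key:  ", verify(KEY_B, HDR, PAYLOAD, ICV))
    print("tampered payload:", verify(KEY_A, HDR, PAYLOAD[::-1], ICV))
    print("router hop (TTL):", verify(KEY_A, HDR_HOP, PAYLOAD, ICV))
    print("spoofed source:  ", verify(KEY_A, HDR_SPOOF, PAYLOAD, ICV))
```

Only the matching-key and router-hop cases verify; a one-character key mismatch is indistinguishable from tampering at the receiver, which is why both tunnel ends must hold exactly the same key.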
Data Encryption Standard (DES)
DUA1611-0AAA02.book Page 187 Thursday, August 2, 2001 4:01 PM