
Encryption for Data Transmission

In addition to considering encryption for the data stored on internal servers, it’s also worth thinking about encrypting data as it is traveling across the network. There are two basic ways you can approach encryption of data on a network connection:

  • At the Connection level

  • At the Application-specific level

If you apply encryption at the connection level, you’re saying that all traffic between those two points will be encrypted, regardless of its contents. Connection-level encryption is what you have when using VPN technology. IPSec, PPTP and L2TP are examples of connection-level encryption protocols, which run at the lowest possible layers, to encrypt an entire TCP/IP session.

Encryption involves a certain amount of overhead that slows down network communication. Since not all communication is considered sensitive, sometimes it doesn’t make sense to apply encryption to an entire connection. For those cases, you can elect application-specific encryption. This means that your basic network connectivity is not encrypted, but that encryption is employed at specific times.

Different types of communication have different standards for application-specific encryption. For example, when sensitive information like a credit card number or bank balance is transmitted to or from a browser, the SSL (Secure Sockets Layer) encryption mechanism is often used. Each server participating in SSL encryption using public keys must obtain a digital certificate (proof of identity, but not proof of a merchant’s good character) from a certificate authority (a well-known organization which issues digital certificates to entities upon receiving sufficient identification from them).

You can recognize when a web page is equipped to use SSL by looking at the URL prefix. If it is https:, then you are using SSL encryption. If it is just http:, the data is being transferred unencrypted. For example, the following URL will send data in an encrypted format:

https://www.myshoppingsite.com/formsubmit.ext?a=2

The following URL will send unencrypted data:

http://www.myshoppingsite.com/formsubmit.ext?a=2
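The URL-prefix check above can be applied to where a page's forms actually submit, not just to the address of the page itself. The following is an added example, not part of the original guide: it resolves each form's action against the page URL and reports whether the submission would travel over https: or http:. The function name audit_forms and the sample HTML are assumptions constructed for illustration; the host name is the one used in the URLs above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collects <form action=...> values and an optional <base href=...>."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base_href is None and attrs.get("href"):
            self.base_href = attrs["href"]
        elif tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.actions.append(attrs.get("action") or "")


def audit_forms(page_url, html):
    """Return [(resolved_submit_url, 'encrypted' | 'UNENCRYPTED' | 'other')]."""
    collector = _FormCollector()
    collector.feed(html)
    # A <base href> changes what relative actions resolve against.
    base = urljoin(page_url, collector.base_href or "")
    results = []
    for action in collector.actions:
        target = urljoin(base, action.strip())
        scheme = urlsplit(target).scheme.lower()
        verdict = {"https": "encrypted", "http": "UNENCRYPTED"}.get(scheme, "other")
        results.append((target, verdict))
    return results


# Constructed sample page (hypothetical markup, not from the original guide).
SAMPLE_HTML = """
<form action="/formsubmit.ext?a=2"><input name="card"></form>
<form action="http://www.myshoppingsite.com/formsubmit.ext?a=2"></form>
<form action="//www.myshoppingsite.com/formsubmit.ext"></form>
<form><input name="q"></form>
"""

if __name__ == "__main__":
    page = "https://www.myshoppingsite.com/checkout"
    for url, verdict in audit_forms(page, SAMPLE_HTML):
        print(f"{verdict:12} {url}")
```

The second form in the sample is the case worth noticing: the page itself is loaded over https:, yet the data entered into that form would be sent unencrypted.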

SSL = RSA @ Application layer

SSL uses RSA encryption at the application layer.

The emerging IPsec standard can use RSA encryption at the session layer.


The public/private key method, as seen in the popular program PGP (Pretty Good Privacy), is often used for electronic mail. The private key is kept secret, while the public key is distributed so that others can unlock messages. To use PGP, you encrypt with the private key, and the receiving person unlocks with the public key. PGP includes a time/date stamp and checks for tampering. Because of its ability to detect tampering, many people who want to make sure their message reaches its intended receivers unaltered use PGP or another public key encryption technology to distribute the message.



CertiGuide for Network+ (http://www.CertiGuide.com/netplus/) on CertiGuide.com
Version 1.0 - Version Date: November 7, 2004

Adapted with permission from a work created by Tcat Houser and Helen O’Boyle.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.