Republished with permission from WatchGuard Technologies, Inc.
Deploying Crypto, What Are You Waiting For?
Fredrick M. Avolio
Ever since we started using the Internet, we have known that communications over a public network are vulnerable to eavesdropping. Even before the Internet Password Capture Attack of Winter, 1994, we knew we were vulnerable. We knew that when sending e-mail, transferring a file, or logging into a terminal session across a network, others on that network could, if they chose to, read that information.
We also know about cryptography. If we didn't before, the news around the US National Security Agency's attempt to get the world using NSA-created encryption hardware made sure everyone who read a newspaper knew about it. And the controversies regarding the export of strong cryptography go on today.
This note isn't about export issues. Strong cryptography is commercially available all over the world. The title says what this is about: after all this time, considering the threat, the risk, and the available products, why aren't you using crypto products?
When to Use
Crypto Doesn't Have to be Difficult
Yes, you need a PKI, but you can get away with a very lightweight one to start. Starting to use encryption products, and then deploying them more widely, just takes a few first steps. What I will do is suggest first steps for the organization, or individual, that wants to start using encryption products.
Step 1: Start Encrypting Sensitive Files on Your PC
Start routinely encrypting sensitive files. Now, if someone steals your notebook PC, or breaks into your file server and accesses your files, the attacker will find only unintelligible data. Show others when the opportunity arises. Oh, and do not forget your passphrase: encrypted files are unrecoverable without it (something you can avoid if you use biometrics -- but that's a subject for another month).
Step 2: E-mail
Step 3: Remote
You will need something on the server side to support the other end of the encrypted connection. WatchGuard includes remote-user VPN options with its LiveSecurity system that allow any Windows client to connect to the home network through the Firebox; select either PPTP (included with version 4.0) or the new IPSec versions. A no-cost alternative is an application called Secure Shell (SSH), available for Windows, Macs, and UNIX systems. While SSH was created as an encrypted replacement for Remote Shell (RSH) on UNIX, it also has a facility that lets you tunnel other services over it.
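As an added illustration of the SSH tunneling facility just mentioned (this is an example for this page, not a configuration from the author or from WatchGuard), the following OpenSSH client configuration carries a mail client's IMAP and SMTP traffic over the encrypted SSH connection. The host names ssh-gateway.example.com and mail.internal.example, the user name and the local port numbers are all placeholders.

```sshconfig
# ~/.ssh/config on the travelling notebook (all hosts below are hypothetical)
Host office-tunnel
    HostName ssh-gateway.example.com        # the one SSH server reachable from the Internet
    User fred
    # Mail client connects to localhost:1143 (IMAP) and localhost:1025 (SMTP); SSH carries
    # each connection, encrypted, to the internal mail server, which stays unreachable from outside.
    LocalForward 127.0.0.1:1143 mail.internal.example:143
    LocalForward 127.0.0.1:1025 mail.internal.example:25
    # Bind the forwarded ports to the loopback interface only, so other hosts cannot use the tunnel
    GatewayPorts no
    # Refuse to connect if the gateway's host key is not already in known_hosts
    StrictHostKeyChecking yes
```

Bring the tunnel up with `ssh -N office-tunnel` (the -N flag opens no remote shell, it just holds the forwarded ports), then point the mail client at localhost ports 1143 and 1025. The traffic between the notebook and the gateway is encrypted; the hop from the gateway to the internal mail server is in the clear on the internal network, which is the same trust boundary the Firebox VPN options above draw.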