|
"It is impossible for ideas to
compete in the marketplace if no forum for The Business Forum Journal
ENCRYPTION TECHNOLOGY By Jasper Rose
Government
and business leaders must come to terms with the implications of the
War on Terrorism and the cataclysmic events of 2001. People are worried by the terrorist threats
directed at air travel and paper-based mail leading to a definite movement for
less face-to-face meetings and less reliance on traditional mail. Insurance
premiums are rising steeply, thereby forcing organizations to consider
distributed operations. The outcome is a change in the way we conduct business
and far greater use and dependence on electronic communications and networks.
As
organizations move more of their business processes onto these networks to
create new and viable business opportunities or improve efficiency, they are
realizing the implication, that rather than having one security perimeter to
protect, there will be many perimeters with many interconnections. Such
connections are vulnerable to attacks and steps must be taken to minimize the
threat to information during transmission based on a combination of business
needs and network risks.
For
years hackers have been breaking into computer networks. Once we could talk
about the hacker ethic, which said something like, “Information should be
free to all; you can look and explore but don’t touch.” Now, however, we
are seeing an altogether more dangerous phenomenon, the politically motivated
hacker or cyber-terrorist. There is a growing trend for hacker groups to
encourage attacks, as a protest against human rights abuses, lifestyle
choices, environmental issues, or political issues. It is clear that
businesses need to adopt a more diligent approach to network-based attacks on
their critical operations and information. Universal connectivity, coupled
with the reliance on commercial products and service providers, has eliminated
the possibility of absolute protection.
There
are solutions that deliver acceptable security, without exchanging one set of
risks for another that is equally threatening. The answer is defense in depth;
using multi-layer firewalls to keep the terrorists out, authentication to
validate users, intrusion detection and virus protection to discover the
attacks that beat the firewalls, and encryption to protect data. Make no
mistake, when connecting two secured sites with an unencrypted communications
connection, you lose control of the information. Of the choices above, only
However,
encryption per se is no silver bullet. Certainly the right encryption must be
implemented, but it must also be managed securely. Without secure management
even the best encryption can be defeated; it will not keep a skilled attacker
at bay. The encryption and the secure management must be totally reliable and
must have little or no impact on network performance. There remains the
question of what form of networks should be used. Should an organization rely
on the Internet and lP security, such as that afforded by the Internet
Protocol Security (IPSec) standard, or are there other solutions? Of course
IPSec is an answer when an organization is faced with dynamic relationships or
low cost connections with customers or partners. But what about those
business-critical connections that carry the bulk of the corporate
information, is there a better solution? Absolutely.
More
organizations are realizing that private networks are much harder to attack
than those relying on the Internet and few private networks are attacked
successfully. The switched structure of private networks based on frame relay,
Asynchronous Transfer Mode (ATM) and point-to-point lines make them difficult
to access. All the high profile hacker attacks involve the Internet. For
business-critical connections, a private network is more reliable and by far
the most secure option, and recent price developments have meant that there is
little, if any, difference in the cost of operating such networks. Guaranteed
Quality of Service means networks relying on technologies such as ATM and
frame relay have an advantage, but even private networks such as these must be
secured using encryption, because you do not know who can access the fibers,
cable or satellites carrying the information. Business and government leaders are facing a period of great uncertainty where it is clear that the level of threats will not be reduced in the foreseeable future. There will be greater reliance on electronic communications networks carrying data, voice and video traffic, which in turn will face greater threats from cyber-terrorists and cyber-criminals and providing a defense in depth approach to security will greatly contribute to the overall security of your business. But, in the end, encryption, the tool for secure information transmission for electronic communications, will play an ever-increasing role in making today’s world a safer place to do business.
Search the ENTIRE Business
Forum site. Search includes the Business
|
