


November 17, 1997, Section: The Intranet/Internet 100

Three types of online security

By Beth Davis

Three technologies have emerged to meet the need for security on the Internet, intranets, and extranets.

Virtual Private Networks

These networks allow data to travel over the Internet on what appears to be a private network.

With a VPN, a secure tunnel is typically set up between a network access point at the service provider's site and a terminating device at the corporate site. The remote user connects to a local Point of Presence (POP) and sends the data to the access point, where the packets are encapsulated via technology standards such as the Point-to-Point Tunneling Protocol, Layer 2 Forwarding, or a combination of the two known as the Layer 2 Tunneling Protocol. Once encapsulated, the packets are sent over the public network to the corporate site.

End-to-end VPNs, from the remote site to the corporate site, can also be established using tools supporting the forthcoming IPSec, a collection of Internet Engineering Task Force (IETF) network security standards that cover encryption, authentication, and key management.

Digital Certificates

Digital certificates vouch for a user's identity when, for example, the user accesses a Web server. Companies can set up their own certificate authorities, which generate and manage digital certificates, or they can outsource to companies such as VeriSign Inc. in Mountain View, Calif.

Still needed are standards for cross-certification, which would enable two certificate authorities operated by two separate entities to validate each other's certificates. By March, the IETF may complete a set of specifications known as the Public Key Infrastructure Exchange.

When combined with encryption via a public key infrastructure, the level of security that a digital certificate provides becomes even higher.

Smart Cards

Similar to credit cards in look and feel, smart cards can include a secure microprocessor that stores an end user's private key for encrypting data and a digital certificate to authenticate the user's identity.

Using a smart card requires a reader at the client site; an application server that challenges the client and verifies the client's response; and a back-end system that includes a certificate authority and directory for the issuance and management of digital certificates and public and private keys.
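The challenge-and-verify exchange described above, as an added Go example that is not part of the original article: the server issues a random challenge, the card signs it with a key that stays on the card, and the server checks the response against the public key held for that user. The article names no algorithm, so Ed25519 signatures, the in-memory map standing in for the certificate directory, and the names Card, Server, Enroll, Challenge and Verify are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Card stands in for the smart card: the private key stays on it, only signatures leave.
type Card struct{ priv ed25519.PrivateKey }
func (c *Card) Respond(challenge []byte) []byte { return ed25519.Sign(c.priv, challenge) }

// Server is the application server; directory stands in for the certificate directory.
type Server struct {
	directory map[string]ed25519.PublicKey
	pending   map[string]string // outstanding challenge -> user it was issued to
}
func NewServer() *Server { return &Server{map[string]ed25519.PublicKey{}, map[string]string{}} }

// Enroll plays the back-end role: generate a key pair, publish the public half.
func (s *Server) Enroll(user string) *Card {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	s.directory[user] = pub
	return &Card{priv}
}
// Challenge issues a fresh random nonce bound to one user.
func (s *Server) Challenge(user string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[string(nonce)] = user
	return nonce
}
// Verify accepts a challenge once, from its user, signed by that user's published key.
func (s *Server) Verify(user string, challenge, response []byte) bool {
	owner, issued := s.pending[string(challenge)]
	delete(s.pending, string(challenge)) // single use: a captured response cannot be replayed
	pub, known := s.directory[user]
	return issued && owner == user && known && ed25519.Verify(pub, challenge, response)
}

func main() {
	s := NewServer()
	card := s.Enroll("alice") // constructed user name
	c := s.Challenge("alice")
	r := card.Respond(c)
	fmt.Println(s.Verify("alice", c, r), s.Verify("alice", c, r)) // second call replays the same response
}
```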

Smart cards can be expensive, but costs are dropping. Forthcoming standards will help drive costs even lower.

Combine VPNs, digital certificates, new products such as smart cards and intrusion-detection tools, plus old standbys like firewalls and encryption software, and you've got pretty comprehensive security.

Copyright (c) 1997 CMP Media Inc.


