Protecting data over wide-area networks

Published 25 January 2006

For a business to recover from disaster, its data and applications must be protected; to do that effectively, both hardware and software encryption are required, and both transmitted information and stored information should be protected.

One thing all agree on: The Internet is not secure (hence the work on IPv6). The question, then, is how to secure Internet-based services or applications. Protecting data during transmission is not enough; it must be secure during storage as well. From a technology perspective, encryption is the solution to WAN-based security (banks, for example, use the strongly encrypted FedWire to exchange financial data). The type of encryption that FedWire uses is classified, but equivalents to it in the commercial sector are available with varying degrees of efficiency depending on implementation methodologies. If FedWire transmissions may be characterized as high-transaction volumes and small file sizes, then disaster recovery and archival transmissions typically involve low-transaction volumes and large file sizes. The current standard, Advanced Encryption Standard (AES), is a 128-bit block cipher with a key size of 128, 192, or 256 bits. AES was adopted as an encryption standard by the U.S. government in 2001, and is expected to be used worldwide, as was the case with its predecessors, the Data Encryption Standard (DES) and Triple DES. Alas, DES was successfully hacked by the Electronic Freedom Foundation (EFF) in 1999, and Triple DES was a short-term fix to solve that problem.

Businesses should use both software and hardware encryption methods to encrypt digital data streams. It is more costly, but the alternative will be far more costly.

-read more in George Hall’s InfoStor discussion; and read more about FedWire at this Web site