Network Systems DesignLine | How to protect data in an IP world










How to protect data in an IP world



Page 2 of 4

Beyond treatment of symptoms
A robust data protection strategy must go beyond applying solutions to the symptoms. It must solve the real vulnerabilities. The key question to consider is: Where is the best place to defend the enterprise infrastructure? The network is the common denominator. It's also the most likely route for an attack, as most data loss occurs via the network. So the network is where an end-to-end security infrastructure can best be established. A robust data protection strategy should focus on protecting data on the network.

A customer once mentioned to me, "If encryption was free, I would deploy it everywhere, but since it isn't, we need to strategically architect it into the right places and expand encryption when it makes sense."

The foundation of a data defensible architecture
The network's boundaries are disappearing and vulnerabilities are rising. At the same time, the network’s complexity is increasing as more demands are placed on it. Today's corporate networks include storage networks, virtual networks, third-party networks, and wireless networks. How does the enterprise build a data defensible architecture that will protect valuable data on the ever-evolving network?

Forward-looking organizations are recognizing that end-to-end encryption must be the foundation of protecting the company's valuable data. Indeed, at some point everything will be encrypted—the question is not if but when. Let's look at how data can be secured on unprotected networks and what specific solutions exist to build a data defensible architecture.

Protecting the network: IPSec
An excellent foundation for a secure network is established by protecting data packets from their source to their destination. Indeed, when the majority of security attacks are initiated from within the network perimeter, encrypting data as it travels on the core network, as well as when it goes to remote sites, becomes the only effective defense against unauthorized access to data.

IP Security (IPSec), defined by the Internet Engineering Task Force (IETF), is the accepted standard for protecting data in transit over an untrusted network. It is the mandated best practice for securing the block-based storage protocols iSCSI, iFCP and FCIP. IPSec provides three levels of data security: confidentiality, authentication and integrity.

  • Confidentiality: Keeping the data secret. IPSec uses powerful standard encryption algorithms (AES or 3DES) to protect data confidentiality from unauthorized parties.
  • Authentication: Trusting the source. IPSec uses packet authentication to verify who is on the other end of a channel.
  • Integrity: Trusting the data. IPSec uses industry-standard hashing algorithms (SHA1 and MD5) to create digital signatures that ensure the data has not been altered in transit.
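
An added example (not from the original article) of the authentication and integrity checks described above: a simplified ESP-style packet whose integrity check value is HMAC-SHA-1 truncated to 96 bits, the keyed form in which IPSec applies SHA1. Payload encryption is omitted, the key, SPI and payloads are constructed sample values, and the unkeyed functions are a contrast showing why a plain hash alone would not detect tampering.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96 keeps the first 96 bits of the HMAC (RFC 2404)
HDR_LEN = 8   # 32-bit SPI + 32-bit sequence number

# Constructed sample values, not taken from any real deployment.
SAMPLE_KEY = bytes(range(20))
SAMPLE_SPI = 0x1001


def protect(key, spi, seq, payload):
    """Sender: header || payload || ICV, with the ICV keyed by the shared secret."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]


def verify(key, spi, packet):
    """Receiver: return (seq, payload) if the ICV is valid, otherwise None."""
    if len(packet) < HDR_LEN + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    got_spi, seq = struct.unpack("!II", body[:HDR_LEN])
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    # Constant-time comparison avoids leaking how many ICV bytes matched.
    if got_spi != spi or not hmac.compare_digest(icv, expected):
        return None
    return seq, body[HDR_LEN:]


def unkeyed_protect(payload):
    """Weak contrast: a bare SHA-1 digest that anyone on the path can recompute."""
    return payload + hashlib.sha1(payload).digest()


def unkeyed_verify(packet):
    """Accepts any payload whose trailing digest matches; no key is involved."""
    payload, digest = packet[:-20], packet[-20:]
    return payload if hashlib.sha1(payload).digest() == digest else None


if __name__ == "__main__":
    pkt = protect(SAMPLE_KEY, SAMPLE_SPI, 1, b"replicated block 42")
    print(verify(SAMPLE_KEY, SAMPLE_SPI, pkt))       # accepted
    altered = pkt[:10] + bytes([pkt[10] ^ 1]) + pkt[11:]
    print(verify(SAMPLE_KEY, SAMPLE_SPI, altered))   # rejected: data changed in transit
    print(verify(b"k" * 20, SAMPLE_SPI, pkt))        # rejected: peer lacks the shared key
    print(unkeyed_verify(unkeyed_protect(b"altered block")))  # accepted: digest is unkeyed
```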

Building a data defensible architecture
There are four major areas of data protection via encryption today.


Figure 3. The four major areas of data protection via encryption

In each of these areas, companies are asking questions about securing their valuable data. Let's outline some specific solutions, building blocks of a data defensible architecture.

1. Protecting data storage
Data storage is moving at an ever-increasing pace to IP-based SANs, IP-based solutions for business continuity and disaster recovery, and IP-based electronic archiving to offsite tape storage in place of onsite backup tapes shipped to an offsite location. But the highest risk in IP-based storage arises wherever the storage system touches the IP world. The following data protection solutions provide the means to protect data storage.

Deploy secure data replication
Data Security Concern: Today, 25 percent of data replication is done over IP connections, and that number is growing. Data is exposed over the unsecured network.

Solution: Data protection gateways at either end of the connection can secure the data replication channel. This solution provides hot onsite failover and defends against a hack of the replication application by protecting it at the network layer from attacks inside the perimeter and outside the LAN.


Deploy secure backup
Data Security Concern: Electronic archival to a remote tape storage site offers advantages ranging from guaranteed data delivery and recovery to an end to tape loss. But it also exposes the data as it travels on the network.

Solution: High-speed encryption appliances can protect the backup data as it travels between storage sites. A protected continuous backup scheme offers cost savings over secure nightly tape backups while guaranteeing secure delivery of data to offsite storage.



