IT Governance, Risk, and Compliance

Jun 29 2009   6:52PM GMT

Trans-border Communication Protection – Part II

Robert Davis

SSL is a protocol suite that enables in-transit security through data encryption, server authentication, and message integrity at four Open Systems Interconnection (OSI) reference model layers. For Internet communications, SSL is normally used in conjunction with an entity’s public key infrastructure. Commonly, when the trans-border privacy breach risk is low, the Hyper Text Transfer Protocol Security service is employed with SSL encryption to protect sensitive web packets. A benefit is that, where SSL is integrated for required privacy-related communication, applications no longer need to implement secure connectivity themselves. Nevertheless, security managers should not interpret SSL deployment as a ‘bullet-proof’ technology that completely defers application communication privacy issues. Specifically, SSL deployment calls for caution when it is used for mutual application authentication, since there are two different session keys seeking connectivity authorization during bidirectional interfaces. Consequently, each key should be verified before transmitting legally protected data.
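The check described above, sketched with Python's standard `ssl` module as an added example that is not part of the original post. It assumes that verifying each side means each endpoint validating the other's certificate; the function names and the certificate file parameters are hypothetical.

```python
import ssl


def server_context(cert=None, key=None, client_ca=None):
    """Server side of mutual authentication: demand a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # default is CERT_NONE
    ctx.verify_mode = ssl.CERT_REQUIRED            # reject clients without a valid cert
    if cert:
        ctx.load_cert_chain(cert, key)             # this server's own identity
    if client_ca:
        ctx.load_verify_locations(client_ca)       # CA that issues client certs
    return ctx


def client_context(cert=None, key=None, server_ca=None):
    """Client side: keep server verification on and present a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    if cert:
        ctx.load_cert_chain(cert, key)
    if server_ca:
        ctx.load_verify_locations(server_ca)
    return ctx


def audit(ctx, role):
    """List settings that would leave one direction of the link unverified."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if role == "client" and not ctx.check_hostname:
        findings.append("server name not checked")
    return findings


def send_protected(conn, payload):
    """Send protected data only after the peer's certificate was validated."""
    # getpeercert() is None when no certificate was presented and an empty
    # dict when one was presented but not validated.
    if not conn.getpeercert():
        raise ConnectionError("peer not verified; refusing to send protected data")
    return conn.send(payload)
```

`send_protected` takes a connected `ssl.SSLSocket` whose handshake has completed.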

Alternatively, IPSec is a protocol suite that enables security at five OSI reference model layers during internetworking communications. The IPSec model is an architecture composed of standard rules for protecting Internet Protocol traffic. These standard rules can be incorporated into transport and tunnel mode encapsulation. Tunnel mode provides two additional header records for sending messages, thus requiring more processing. Neither the application nor the stacking protocol needs to be cryptographically aware, since all designated traffic is encrypted regardless of origin within the entity’s information security perimeter. Possible IPSec issues include network device computational overhead and/or bandwidth overhead.

View Part I of the Trans-border Communication Protection series here
