User's guide
DES (64-bit key)
This well-known and established protocol has historically been used extensively in the
banking and financial world. It is relatively “processor intensive”, i.e. a powerful processor
is required to run it efficiently at high data rates. It is generally considered very difficult for
casual hackers to attack but may be susceptible to determined attack by well-equipped and
knowledgeable parties.
3-DES (192-bit key)
Again, this is a well-established and accepted protocol but as it involves encrypting the data
three times using DES with a different key each time, it has a very high processor overhead.
This also renders it almost impossible for casual hackers to attack and very difficult to break
in any meaningful time frame, even for well-equipped and knowledgeable parties.
AES (128-bit key)
Also known as Rijndael encryption, AES is the new “de-facto” standard adopted by many
USA and European organisations for sensitive applications. It has a relatively low processor
overhead compared to DES and it is therefore possible to encrypt at higher data rates. As
with 3-DES, it is almost impossible for casual hackers to attack and is very difficult to break
in any meaningful time frame, even for well-equipped and knowledgeable parties.
To put these into perspective, common encryption programs that are considered “secure”
(such as PGP) and on-line credit authorisation services (such as Web-based credit card
ordering) generally use 128-bit encryption.
Note:
Data rates are the maximum that could be achieved but may be lower if other applications
are running at the same time or small IP packet sizes are used.
What is a VPN?
VPNs (Virtual Private Networks) are networks that use the IPSec protocols to provide one or
more secure routes or “tunnels” between endpoints. Users are issued either a shared
“secret” key or “public/private” key pair that is associated with their identity. When a
message is sent from one user to another, it is automatically “signed” with the user’s key.
The receiver uses the secret key or the sender’s public key to decrypt the message. These
keys are used during IKE exchanges along with other information to create session keys
that only apply for the lifetime of that IKE exchange.
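The following Python example is added here for illustration and is not taken from this guide or from the unit's firmware. It shows how a long-term shared secret and the "other information" from one IKE exchange produce keys that are valid for that exchange only. It assumes IKEv1 with pre-shared-key authentication and HMAC-SHA1 as the prf (RFC 2409), which this guide does not specify; the secret, nonces, cookies and Diffie-Hellman value are constructed sample bytes.

```python
import hashlib
import hmac

# Key sizes in bytes, using the key lengths quoted in this guide.
KEY_BYTES = {"DES": 8, "3DES": 24, "AES-128": 16}

def prf(key: bytes, data: bytes) -> bytes:
    """Assumed prf: HMAC-SHA1 (a real exchange uses the negotiated hash)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def derive_skeyid_e(psk, ni, nr, g_xy, cky_i, cky_r) -> bytes:
    """RFC 2409 section 5 key chain for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)                         # shared secret + both nonces
    tail = g_xy + cky_i + cky_r                        # DH result + both cookies
    skeyid_d = prf(skeyid, tail + b"\x00")             # seeds later IPsec SA keys
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # authenticates IKE messages
    return prf(skeyid, skeyid_a + tail + b"\x02")      # SKEYID_e: encrypts IKE messages

def cipher_key(skeyid_e: bytes, cipher: str) -> bytes:
    """RFC 2409 Appendix B: truncate, or expand when the cipher needs more bits."""
    need = KEY_BYTES[cipher]
    if need <= len(skeyid_e):
        return skeyid_e[:need]
    block = prf(skeyid_e, b"\x00")
    out = block
    while len(out) < need:
        block = prf(skeyid_e, block)
        out += block
    return out[:need]

# Constructed sample values (not from a real capture).
PSK = b"constructed-shared-secret"
EXCHANGE_1 = dict(ni=b"\x11" * 16, nr=b"\x22" * 16, g_xy=b"\x33" * 128,
                  cky_i=b"\x44" * 8, cky_r=b"\x55" * 8)
EXCHANGE_2 = dict(EXCHANGE_1, ni=b"\xaa" * 16, nr=b"\xbb" * 16)  # fresh nonces only

def session_keys(exchange: dict) -> dict:
    """Derive the IKE encryption key for each cipher named in this guide."""
    e = derive_skeyid_e(PSK, **exchange)
    return {name: cipher_key(e, name) for name in KEY_BYTES}

if __name__ == "__main__":
    for label, ex in (("exchange 1", EXCHANGE_1), ("exchange 2", EXCHANGE_2)):
        for name, key in session_keys(ex).items():
            print(f"{label} {name:8} {key.hex()}")
```

Both exchanges use the same shared secret, yet every derived key differs because the nonces changed. DES parity adjustment and weak-key checks are not performed in this example.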
The Benefits of IPSec
IPSec is typically used to attain confidentiality, integrity, and authentication in the transport
of data across inherently insecure channels. When properly configured, it provides a highly
secure virtual channel across cheap, globally available networks such as the Internet, or
creates a “network within a network” for applications such as passing confidential
information between two users across a private network.