188
C
HAPTER
14: N
ETWORKING
C
ONCEPTS
When DES is used for data communications, both sender and receiver
must know the same secret key, which can be used to encrypt and
decrypt the message, or to generate and verify a message
authentication code. 3Com's implementation of DES uses a 56-bit key.
3Com's DES Key must be exactly 16 characters long and is comprised
of hexadecimal characters. Valid hexadecimal characters are 0, 1, 2, 3,
4, 5, 6, 7, 8, 9, a, b, c, d, e, f.
■
Strong Encryption (Triple DES or 3DES)
Strong Encryption, or Triple DES (3DES) is a variation on DES that uses
a 168-bit key. As a result, 3DES is dramatically more secure that DES,
and is considered to be virtually unbreakable by security experts. It also
requires a great deal more processing power, resulting in increased
latency and decreased throughput.
The 3DES Key must be exactly 24 characters long and is comprised of
hexadecimal characters. Valid hexadecimal characters are 0, 1, 2, 3, 4,
5, 6, 7, 8, 9, a, b, c, d, e, f.
■
ARCFour
ARCFour (ARC4) is used for communications with secure Web Sites
using the SSL protocol. Many banks use a 40-bit key ARC4 for online
banking while others use a 128-bit key. 3Com's implementation of
ARCFour uses a 56-bit key.
ARCFour is faster than DES for several reasons. First is that it is a
newer encryption mechanism than DES. As a result, it benefits from
advances in encryption technology. Second, unlike DES, it is designed
to encrypt data streams, rather than static storage. DES has achieved
much of its popularity because it is well known and has been proven
to be very robust. ARCFour, while theoretically as secure as 56bit DES,
does not have the long history that leads to the wide acceptance by
security professionals.
3Com's ARCFour Key must be exactly 16 characters long and is
comprised of hexadecimal characters. Valid hexadecimal characters
are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f.
■
Security Parameter Index (SPI)
The SPI is used to establish a VPN tunnel. The SPI is transmitted from
the remote Firewall to the local Firewall. The local Firewall then uses
the network, encryption and key values that the administrator
associated with the SPI to establish the tunnel.
DUA1611-0AAA02.book Page 188 Thursday, August 2, 2001 4:01 PM
Содержание 3C16111 - SuperStack 3 Firewall Web Site Filter
Страница 18: ...18 DUA1611 0AAA02 book Page 18 Thursday August 2 2001 4 01 PM ...
Страница 50: ...50 DUA1611 0AAA02 book Page 50 Thursday August 2 2001 4 01 PM ...
Страница 96: ...96 CHAPTER 6 USING THE FIREWALL DIAGNOSTIC TOOLS DUA1611 0AAA02 book Page 96 Thursday August 2 2001 4 01 PM ...
Страница 122: ...122 CHAPTER 8 ADVANCED SETTINGS DUA1611 0AAA02 book Page 122 Thursday August 2 2001 4 01 PM ...
Страница 150: ...150 CHAPTER 10 CONFIGURING HIGH AVAILABILITY DUA1611 0AAA02 book Page 150 Thursday August 2 2001 4 01 PM ...
Страница 152: ...152 DUA1611 0AAA02 book Page 152 Thursday August 2 2001 4 01 PM ...
Страница 166: ...166 CHAPTER 11 ADMINISTRATION AND ADVANCED OPERATIONS DUA1611 0AAA02 book Page 166 Thursday August 2 2001 4 01 PM ...
Страница 174: ...174 DUA1611 0AAA02 book Page 174 Thursday August 2 2001 4 01 PM ...
Страница 178: ...178 CHAPTER 13 TYPES OF ATTACK AND FIREWALL DEFENCES DUA1611 0AAA02 book Page 178 Thursday August 2 2001 4 01 PM ...
Страница 190: ...190 CHAPTER 14 NETWORKING CONCEPTS DUA1611 0AAA02 book Page 190 Thursday August 2 2001 4 01 PM ...
Страница 192: ...192 DUA1611 0AAA02 book Page 192 Thursday August 2 2001 4 01 PM ...
Страница 206: ...206 APPENDIX D TECHNICAL SUPPORT DUA1611 0AAA02 book Page 206 Thursday August 2 2001 4 01 PM ...
Страница 212: ...212 INDEX DUA1611 0AAA02 book Page 212 Thursday August 2 2001 4 01 PM ...
Страница 214: ...DUA1611 0AAA02 book Page 214 Thursday August 2 2001 4 01 PM ...