Issues in Intranet Security

The scenario is all too familiar:
computer systems within an enterprise previously thought
to be isolated from the outside world become accessible through
carelessness and the introduction of back doors. Your company develops a major
new product in secret using its Intranet; hackers creep in and sell
the details to the competition or blackmail the enterprise.

Security has long been seen as a major sticking point in the adoption
of Internet technology in the enterprise. As networks have grown and
connected to the Internet, the spectre of the hacker has haunted managers
responsible for both delivering information within the enterprise and
to its partners, and protecting it from unauthorised outsiders.

In fact, the security capabilities of the latest Internet and intranet
technologies enable companies to control the availability of information
and the authenticity of that information better than ever before. The
increasing sophistication of both server and client software means that
this unprecedented level of security can be provided without requiring
users to undergo complex and bureaucratic procedures to gain legitimate
access to sites.

For intranet developers, restricting access
to the site has been the primary security concern. The simplest way
to achieve this is to position the internal site where it cannot be
seen or accessed from the Internet at large: behind a firewall. At their
simplest, firewalls consist of software which blocks access to internal
networks from the Internet. While legitimate traffic such as email is
allowed in to the mail server, programs such as search engine spiders
or FTP clients cannot access machines inside the safe boundary of the
firewall.

Firewalls also offer some protection to users venturing out from the
network to the Internet, acting as proxies to fetch web pages so that
the name and IP number of machines on the network are not revealed to
web sites that they visit, preventing hackers from learning details of
the structure of the network.

While the basic firewall remains a fundamental of Internet and intranet
security, increasing levels of sophistication are required by many users
as access to the corporate intranet needs to be widened beyond those
physically present on the same network. Allowing users dial-up access
behind the firewall violates basic security principles; restricting
them to the same access offered to the rest of the Internet in front
of the firewall denies them valuable services.

Intranets and extranets are often constructed
using Web servers to deliver information to users in a now-familiar
form.

Username/password authentication has long been used as
a mechanism for restricting access to web sites. But because these character
strings are themselves passed as clear text, capable of being intercepted
and read with simple network management tools, basic passwords do not
adequately secure communications.

A significant improvement can be achieved by encrypting communications
between a browser and server. The most common way of doing this is to
establish a secure connection using a variation on HTTP (the standard
web protocol) called the Secure Sockets Layer (SSL). Increasingly,
commercial web sites are using SSL to guarantee the authenticity of
the server and integrity of the data delivered to web site users, and
to protect visitors' responses to interactive elements on the site.
Whenever you point your browser to a URL that begins with

SSL has become fundamental to the spread of Internet commerce, and
is being used for an increasing range of transactions across the Internet.
However, by default most SSL implementations in web servers do not
authenticate the client web browser. In its raw form, therefore,
SSL is best suited to the largely anonymous requirements of retailing.
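
The default described above, shown next to a server that does require a client certificate, as an added example that is not part of the original article. It goes one step further and applies an access decision to the certificate the browser presented; the CA name, subject names and serial numbers are constructed, and the `revoked_serials` set stands in for the CA's revocation list.

```python
import ssl
import time

def server_context(require_client_cert, client_ca_file=None):
    """TLS server context. By default no certificate is requested from the browser."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)    # verify_mode starts as CERT_NONE
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED          # handshake fails without a valid client cert
        if client_ca_file:                           # CA that signs the users' certificates
            ctx.load_verify_locations(cafile=client_ca_file)
    return ctx

def _names(rdns):
    # getpeercert() gives names as a tuple of RDNs, each a tuple of (key, value) pairs
    return {key: value for rdn in rdns for key, value in rdn}

def authorize(peer_cert, issuer_cn, allowed_subjects, revoked_serials, now=None):
    """Access decision over the dict SSLSocket.getpeercert() returns after the handshake.
    The signature chain itself is checked by the handshake against client_ca_file."""
    if not peer_cert:
        return False, "no client certificate presented"
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(peer_cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(peer_cert["notAfter"])
    if not not_before <= now <= not_after:
        return False, "outside validity period"
    if _names(peer_cert["issuer"]).get("commonName") != issuer_cn:
        return False, "issued by an unexpected CA"
    if peer_cert["serialNumber"].upper() in revoked_serials:
        return False, "certificate revoked"
    subject_cn = _names(peer_cert["subject"]).get("commonName")
    if subject_cn not in allowed_subjects:
        return False, "subject not authorised"
    return True, subject_cn

# Constructed sample in getpeercert() format; all names and serials are made up.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Supplier Ltd"),),
                (("commonName", "alice@supplier.example"),)),
    "issuer": ((("commonName", "Example Intranet CA"),),),
    "serialNumber": "0A1B2C",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")   # fixed clock for the demo

if __name__ == "__main__":
    users = {"alice@supplier.example"}
    print(server_context(False).verify_mode, server_context(True).verify_mode)
    print(authorize(SAMPLE_CERT, "Example Intranet CA", users, set(), NOW))
    print(authorize(SAMPLE_CERT, "Example Intranet CA", users, {"0A1B2C"}, NOW))
```
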
One option for widening access is to set up
a virtual private network (VPN) using the Internet. A VPN uses software
or hardware to encrypt all the traffic that travels over the
Internet between two predetermined end-points. This is an ideal solution
where limited access to an intranet is required, for example between
two sites of the same company requiring access to the same corporate
information, or suppliers and customers integrating their supply chains.

A potential weakness of VPN solutions is their relative inflexibility.
VPNs work well for creating fixed tunnels from one known point
to another, but they are less well suited to situations where access
needs to be given on-the-fly to groups of people not necessarily known
at the outset, or who need to gain access from a variety of locations.
VPN technology at present works best for encrypting traffic between
two known points that are accepted as valid destinations for traffic:
once a link has been established, the technology is used to encrypt
the information which is sent, not for establishing the validity of
the destination to which it is being sent.

As more flexible VPN access is required, the prime issue becomes that
of authenticating potential visitors to the site and the credentials
that they present. Are they who they say they are, or an impostor? With
this capability it is possible to open up the system to provide access
to a wider range of partners, customers or suppliers.

One solution is to use a digital certificate-based
solution. Users are given access based on their possession of certificates
signed or authorised for access by or on behalf of the server to which
they wish to gain access. The certificate acts as evidence of their
digital identity. Certificates can also be combined with other access
control mechanisms, such as tokens (identification hardware carried
by users) or only accepting visitors from certain authenticated addresses.
At the moment this option is most easily achieved with a custom solution
combined with a certification authority (CA) server or external
CA service, which can issue and revoke certificates and authenticate
any certificates presented in order to gain access. This can involve
a simple implementation of a public key infrastructure (PKI),
a system which establishes a hierarchy of authority for the issuance
and authentication of certificates and users presenting them.

Digital certificates can provide a sophisticated means of controlling
and monitoring access. The certificate itself acts as a token for access
control: the user must present it in order to gain access. In many implementations
this can be done automatically; in some, the certificate
is stored on a separate token such as a smart card, which the user has
to present to the local client so that the client can pass it to the server
to gain access.

The use of public-key based security systems
requires considerable care in system design and management. The security
of the entire system is ultimately guaranteed by the security of the
key used for signing certificates at the top (commonly called the root)
of the public key infrastructure. Here specialized hardware can play
a useful role.

Normally, all keys that are accessed by the server are held at some
point in the main memory of the server, where they are potentially
vulnerable to attack (for example, in a server core dump). A higher
degree of protection is desirable for the most valuable keys.

A specialized hardware cryptographic module for storing and protecting
the signing keys provides an answer. The keys are stored in a strongly
encrypted format. When loaded for signing, the keys are decrypted and
loaded into the memory of the secure cryptographic module, which then
performs all the signing operations on behalf of the server. The keys
are never revealed in their unencrypted form to the server, so even
if an intruder manages to access the network, the keys will remain safe.
Security is further assisted by physical design features of the module;
tamper-resistant enclosures and advanced manufacturing techniques protect
the keys from physical attack.

The signing of digital certificates is also a computation-intensive
process, so it makes sense to consider combining some kind of hardware
acceleration of cryptography within the key storage module. This way,
keys are rapidly handled within a secure environment and no processing
bottleneck is introduced, even when a high transaction throughput
is required.

The Internet has the potential to enable economical
access to business information for a wider audience than ever before.
However, use of the Internet as a medium for sensitive information is
not without its dangers. From a security perspective the Internet must
be considered a public medium. Data security is therefore an essential
component of any Internet-based enterprise solution.

The combination of a public key infrastructure based on digital certificates
with secure web server and virtual private network technologies is a
powerful toolset for addressing data security in the enterprise. The
addition of appropriate physical security for cryptographic keys and
adequate performance in processing them can ensure that your security
solution is scaleable as well as robust.

Dr.
Stephen N. Cohn, president of nCipher, Inc., is responsible for
establishing and building nCipher's presence in the U.S. marketplace.
Dr. Cohn manages the day-to-day operations of nCipher's U.S. marketing
and sales effort. He also works to secure relationships and partnerships
for nCipher in the electronic commerce, data security and Internet communities.
His areas
of professional accomplishment have included the design and development
of information and network security systems, local- and wide-area data
network systems and network design and performance tools. Dr. Cohn has
15 years' experience in data networking, starting from the introduction
of TCP/IP on the ARPANET in 1983 to the present.

About nCipher

nCipher develops
products that simplify the use of cryptography in applications such as
Internet security and electronic commerce. nFast is the proven fastest
accelerator product line available, and the only accelerator solution
available to customers in North and South America, Europe and Asia.
The company has offices in Boston, Massachusetts, Santa Clara, California
and in Cambridge, England. nCipher, which was founded in 1996,
is partially funded by Canada's Newbridge Networks Corporation
(NYSE: NN) and Security Dynamics, Inc. (NASDAQ: SDTI). nCipher
has partnerships with leading computer security and electronic
commerce companies, including RSA Data Security, Netscape and
C2Net. More details on nCipher and its products are available
at www.ncipher.com,
or by sending electronic mail to: sales@ncipher.com.