Windows 2000 Server supports several technologies that allow you to encrypt data transmitted across the Internet or stored on a hard disk. These technologies include SSL, Internet Protocol Security (IPSec), and Encrypting File System (EFS). By using encryption technologies, you can cryptographically encode information transmitted and received by your Web server, thereby securing the privacy and integrity of that data. This lesson describes each of these technologies and provides information on how to determine which technology to use and when to implement it.
One of the primary concerns of many Web administrators is how to prevent message flow to anyone other than the intended recipient. One way to ensure privacy is through the use of encryption. Encryption is the process of scrambling data (by applying a mathematical function) transmitted across an unsecured network, such as the Internet, so that an unintended recipient can’t intercept the data. (You can also encrypt stored data.) At the heart of this process is a mathematical value, referred to as a key, that the function uses to scramble the information in a unique or complex way. Once a secure link has been established between a Web browser (on a client) and a Web server, the two systems use a session key to encrypt and decrypt information.
SSL uses a combination of symmetric encryption and public key encryption. Symmetric encryption means that the key used to encrypt data, the session key, is the same as the one used to decrypt it. Public key encryption means that two keys—one public key and one private key—are used to encrypt and decrypt data. Public key encryption is used to shield the session key from interception during transmission.
An SSL connection between the Web browser and IIS must use Hypertext Transfer Protocol Secure (HTTPS) as its protocol type, rather than HTTP. HTTPS instructs the server to use a different port for communication. By default, HTTP uses port 80, but HTTPS uses port 443.
Before a browser can establish an SSL connection with IIS, you must request and install a certificate for the IIS server. You can acquire a certificate from a trusted third party, such as VeriSign. You can also use IIS to request a certificate from Windows 2000 Certificate Services. (Note that a Web server can have only one certificate assigned to it.) A server certificate allows client computers to authenticate your server, check the validity of Web content, and establish a secure connection. The server certificate also contains a public key, which the browser uses to encrypt information about the session key to send to the server.
Figure 10.8 provides an overview of how SSL encryption works. The following list describes each step.
Figure 10.8 - SSL encryption process
The SSL encryption process uses the following steps:
A session key’s strength is proportional to the number of bits that make up the key. Session keys with a greater number of bits have a greater degree of security and are more difficult to forcibly decode. When a browser establishes a secure communication channel with IIS, the client and server negotiate the strongest possible level of encryption. However, the browser must be able to support the level of session key encryption that’s configured in IIS. For example, if you configure IIS to support a session key strength of 40 bits or greater, the Web browser must be able to support at least a 40-bit session key.
You can configure IIS to require a 128-bit minimum session key. However, because of export restrictions, the 128-bit key strength encryption feature is available only in the United States and Canada.
SSL uses a complex encryption process and requires considerable processor resources. As a result, it takes much longer to retrieve and send data from SSL directories. You should use SSL only when encrypting private data, such as authentication data or credit card numbers. You should also try to keep pages free of or limit the use of elements that consume resources but aren’t necessary, such as images and sound files.
SSL works at the application layer of the TCP/IP protocol stack, which is comparable to the application, presentation, and session layers of the Open Systems Interconnection (OSI) model, as shown in Figure 10.9. (Note that IPSec is also shown in the figure. IPSec is discussed in the next section.) As a result, applications that use SSL must be SSL-aware, as are most Web browsers (such as Internet Explorer) and Web servers (such as IIS). For this reason, SSL has become an Internet standard for encrypting data and is relatively easy to implement.
Figure 10.9 - SSL and IPSec in the TCP/IP protocol stack and OSI model
Windows 2000 supports Transport Layer Security (TLS) as well as SSL. TLS is similar to SSL and is considered by many the likely successor to SSL. Although TLS uses a combination of public key and symmetric encryption, it supports different encryption algorithms than SSL and is an Internet Engineering Task Force (IETF) draft standard. Like SSL, applications that use TLS must be TLS-enabled.
Like SSL, IPSec can be used to encrypt and secure data. IPSec is a suite of protocols that allow two computers to communicate over an insecure network through the use of cryptographic security services. The encryption is applied at the IP layer in the TCP/IP protocol suite (the network layer in the OSI model).
As a result, IPSec is transparent to most applications that use specific protocols for network communication, unlike SSL, which provides security only to applications that know how to use SSL. This offers a high level of protection for most applications, services, and upper layer protocols, including Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). All applications and services using IP for transport can be protected with IPSec without any modifications to those services or applications.
In IPSec communications, IP packets are encrypted by the sending computer and decrypted by the recipient computer. The packets are unreadable en route, providing end-to-end security. In addition, because of a special algorithm used to generate the same shared encryption key at both ends of the connection, the key doesn’t need to be passed over the network.
Figure 10.10 provides an overview of the IPSec communication process. The following list describes the steps.
Figure 10.10 - IPSec communication process
IPSec has many components and options, and IPSec communication is a detailed, complex process. However, at a high level, IPSec communication operates in the following manner:
IPSec authentication methods include Kerberos authentication, public key certificates, and preshared key values. IPSec doesn’t have to be configured on firewalls; however, for IPSec to work, the firewall must be configured to allow certain port and protocol IDs to pass through. In addition, the firewall can’t be performing Network Address Translation (NAT) because IPSec protects the fields within the packets that NAT would normally modify.
IPSec also doesn’t have to be configured on routers or servers along the network path; they simply pass along the packets in the usual manner. However, to use IPSec, the computers on both ends of the communication link must be configured with Windows 2000 and have IPSec security policies defined, so this can limit your use of IPSec for Web-based solutions unless you can restrict your client base to Windows 2000 computers. You can, however, use IPSec within your network to provide an additional layer of security. For example, you might want to use IPSec for communication between your IIS servers on a front-end tier and SQL Server computers on a back-end tier.
When implementing IPSec, you should be aware that it requires a considerable amount of processing power (even more so than SSL), so you must take into consideration system performance when implementing it.
In addition, setting up IPSec, unlike SSL, is a complex process that can involve configuring policies, rules, filters, connection types, and authentication methods. Before implementing IPSec, you should develop a security plan that defines how your security policies will be implemented in your organization.
You can use EFS to protect sensitive data that’s stored on an NTFS partition. It runs as an integrated system service that’s transparent to the file owner and to applications. Only the file owner can open the file and work with it.
EFS uses symmetric key encryption in conjunction with public key technology to provide confidentiality for files, while ensuring that only the file’s owner can access it. EFS uses a symmetric bulk encryption key, called the file encryption key (FEK), to encrypt the file. The FEK is then encrypted by using the public key taken from the user’s certificate, which is located in the user’s profile. EFS uses the encryptor’s private key to decrypt the FEK. To minimize the processor load, EFS encrypts data symmetrically with the FEK and then encrypts and decrypts the FEK asymmetrically with the public and private keys.
Although you can use EFS to encrypt or decrypt data stored on a remote computer, it doesn’t encrypt the data as it’s sent over the network. For that, you must use another technology, such as SSL.
Windows 2000 supports several technologies that use encryption to protect data from network attacks. Three of these technologies are SSL, IPSec, and EFS. Table 10.9 discusses many of the considerations that you must take into account when deciding whether to use these technologies.
Table 10.9 Encrypting Technologies
SSL is an Internet standard commonly used to encrypt data. Applications that use SSL must be SSL-aware, as most Web browsers and Web servers are. SSL requires considerable processor resources, compared to not encrypting and decrypting data. SSL supports authentication through the use of public key certificates.
IPSec works at the IP layer of the TCP/IP protocol stack and is transparent to most applications. This offers a high level of protection for most applications, services, and upper layer protocols. IPSec supports authentication through Kerberos authentication, public key certificates, and preshared key values. However, to use IPSec, the computers on both ends of the communication link must be configured with Windows 2000 and have IPSec security policies defined. In addition, IPSec requires more processor power than SSL.
EFS can be used to protect sensitive data stored on a disk, but it doesn’t protect data transmitted over a network.
In the Internet environment that exists today, you should use SSL to protect data transmitted across the Internet, unless you operate a small site and all your clients are configured with Windows 2000, in which case you might consider IPSec. If you want to add an additional layer of security to your system, you can use IPSec on the back end of your network to protect data transmitted within your private network. For highly sensitive data, you can also use EFS to encrypt that data where it’s stored on a drive.
City Power & Light offers an online service to its customers for reviewing their current and past charges and updating their customer profiles. Customers can access the company’s public site as anonymous users; however, to view confidential information they must enter a username and password. Customers use a variety of browsers and operating systems on their computers, so access must be provided for a diverse user base. Users access the public site at http://www.cpandl.com. From there, they can link to the secure site at https://www.cpandl.com/secure, at which time they’re prompted for a username and password.
Users are authenticated through Basic authentication and their data is protected through SSL. The applications used to access confidential information are located on a virtual directory separate from the public site so that SSL is used only for those pages and for data that must be protected, which saves on processing power. Figure 10.11 provides an overview of the site structure.
Figure 10.11 - City Power & Light Web site
Encryption is the process of scrambling data (by applying a mathematical function) transmitted across an unsecured network so that data can’t be intercepted by an unintended recipient. Windows 2000 Server supports several technologies that allow you to encrypt data, including SSL, IPSec, and EPS. SSL uses a combination of symmetric encryption and public key encryption. Before a browser can establish an SSL connection with IIS, you must request and install a certificate for the IIS server. Applications that use SSL must be SSL-aware, as most Web browsers and Web servers are. SSL has become an Internet standard for encrypting data and is relatively easy to implement, although it does consume more processing power than unencrypted data. IPSec is a suite of protocols that allow two computers to communicate over an insecure network through the use of cryptographic security services. IPSec is transparent to most applications that use specific protocols for network communication; however, only Windows 2000 operating systems support IPSec. IPSec uses more processing power than SSL. You can use EFS to protect sensitive data that’s stored on an NTFS partition. However, EFS doesn’t encrypt the data as it’s sent over the network. For that, you must use another technology, such as SSL.