Chapter 2: Security Protocols and Algorithms


Protocol, n. A standard procedure for regulating data transmission between computers. Algorithm, n. A step-by-step problem-solving procedure, especially an established, recursive computational procedure for solving a problem in a finite number of steps.

– dictionary.com

Why Do I Need to Know This?

Computer security involves a broad—even bewildering—array of concepts, some of which you might have seen for the first time in the preceding chapter. Quite apart from those conceptual underpinnings, if you want to effectively secure your Microsoft Exchange infrastructure, there’s a separate set of security knowledge you need to be familiar with. That’s because knowing which protocol or algorithm can best be used to strengthen a particular security weakness (as well as the flip side— knowing which algorithms to avoid) is a key part of securing your computers. Just as a surgeon has to know the difference between a retractor and a hemostat, you need to know the difference between SHA-1 and SSL.

All of the algorithms and protocols covered in this chapter are widely used and well known because depending on hiding the details of a security process or program, known derisively to experts as “security through obscurity,” never works in the long term. The famous cryptologist Auguste Kerckhoffs was the first to articulate this principle, which in general terms can be stated, “The strength of a system cannot rely on the algorithm remaining unknown.” Think of the trick puzzles you might have seen sold in catalogs: once you know the trick, it’s trivial to solve the puzzle.

Let’s say you have a secret document that you want to protect. If you hide it somewhere in your house, you’re depending on obscurity to protect it, because anyone who stumbles across (or learns of) the hiding place has free access to the document. If you instead lock the document in a bank vault, that’s security—not just because the bank uses multiple layers of security (including alarms, armed guards, motion detectors, and the vault itself), but because the design of the vault has been studied and validated by the American National Standards Institute (ANSI) group that specifies security measures for banks.

Using tested, validated algorithms and protocols is the best way to be secure, because these algorithms and protocols are the only ones that have undergone public scrutiny to ensure that they are as secure as their designers or vendors intended. If you were buying a safe to protect your life savings, you’d want it to be a safe that met the banking industry’s certification requirements, not a cheap unit that you picked up at your local discount store. That said, you wouldn’t choose a safe that cost more than you had in your life savings. As with all aspects of security, cost must be measured against benefits. Microsoft in general, and the Exchange team in particular, has done a good job of choosing Internet-standard protocols to provide security services, although you can augment those protocols with your own choice of hardware or software components.

This chapter is essentially a survey of three classes of information: security-related algorithms that are used to encrypt, authenticate, or otherwise protect data; security protocols implemented or used by Exchange; and security services implemented or used by Exchange.

Note

Because this isn’t a book on cryptography, I’m not including details of how these algorithms work. If you’re interested, the “Additional Reading” section at the end of the chapter provides some good references.




Secure Messaging with Microsoft Exchange Server 2000
Secure Messaging with Microsoft Exchange Server 2000
ISBN: 735618763
EAN: N/A
Year: 2003
Pages: 169

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net