Introduction to Transport-Level Security in Windows Server 2008 R2

2/27/2011 10:07:38 AM
Transport-level security is the securing of communications between client and server, and between servers. Although some organizations put in firewalls or encrypt files, implementing security at the transport level is yet another layer of security that is important in the design and implementation of a protected network environment.

The Need for Transport-Level Security

The very nature of interconnected networks requires that all information be sent in a format that can easily be intercepted by any client on a physical network segment. The data must be organized in a structured, common way so that the destination server can translate it into the proper information. This simplicity also gives rise to security problems, however, because intercepted data can easily be misused if it falls into the wrong hands.

The need to make information unusable if intercepted is the basis for all transport-level encryption. Considerable effort goes into both sides of this equation: Security specialists develop schemes to encrypt and disguise data, and hackers and other security specialists develop ways to forcefully decrypt and intercept data. The good news is that encryption technology has developed to the point that properly configured environments can secure their data with a great deal of success, as long as the proper tools are used. Windows Server 2008 R2 offers much in the realm of transport-level security, and deploying some or many of the technologies available is highly recommended to properly secure important data.

Deploying Security Through Multiple Layers of Defense

Because even the most secure infrastructures are subject to vulnerabilities, deploying multiple layers of security on critical network data is recommended. If a single layer of security is compromised, the intruder will have to bypass the second or even third level of security to gain access to the vital data. For example, relying on a complex 128-bit “unbreakable” encryption scheme is worthless if an intruder simply uses social engineering to acquire the password or PIN from a validated user. Putting in a second or third layer of security, in addition to the first one, will make it that much more difficult for intruders to break through all layers.

Transport-level security in Windows Server 2008 R2 uses multiple levels of authentication, encryption, and authorization to provide for an enhanced degree of security on a network. The configuration capabilities supplied with Windows Server 2008 R2 allow for the establishment of several layers of transport-level security.

Note

Security through multiple layers of defense is not a new concept, but is rather adapted from military strategy, which rightly holds that multiple lines of defense are better than one.


Understanding Encryption Basics

Encryption, simply defined, is the process of taking intelligible information and scrambling it so as to make it unintelligible for anyone except the user or computer that is the destination of this information. Without going into too much detail on the exact methods of encrypting data, the important point to understand is that proper encryption allows this data to travel across unsecured networks, such as the Internet, and be translated only by the designated destination. If packets of properly encrypted information are intercepted, they are worthless because the information is garbled.
