Executive Summary by wulinqing


Washington State Patrol ACCESS Encryption Project

Task Order 1 – Assessment and Planning

Task 1b – Assessment Report

Executive Summary
  Standards
  Deployment scenarios (options)
    Figure 1
    Figure 2
    Figure 3
  Building an Encryption Infrastructure
  Network Layer Encryption Strategies
    GRE (Generic Routing Encapsulation) Tunnels
    MPLS (Multi-Protocol Label Switching)
    IPSec
      Transport mode
      Tunnel mode
      Encapsulating Security Payload (ESP)
      Authentication Header (AH)
      Internet Key Exchange (IKE)
        Security Association (SA)
        Security Policy Database (SPD)
  IPSec Connection Models
    IPSec Model
    Border Gateway Protocol (BGP)
    GRE Model
  Reconciling IPSec and Network Address Translation (NAT)
    NAT Traversal (NAT-T)
    IPSec Pass-through
    IKE Passing Through PAT
    ESP Passing Through PAT
    Restricted ESP Through PAT Mode
  Encryption techniques
    Data Encryption Standards (DES)
    Triple DES (3DES)
      The Pros and Cons of 3DES
    Advanced Encryption Standard (AES)
  Key Management Procedures
    Secure Key Management
    Key Generation
    Key Use
    Key Archiving
    Key Destruction
  Asymmetric (public) key encryption
    RSA
    Digital Signature Algorithm (DSA)
  Message Authentication Code (MAC)
    Hash Functions
      MD5 (Message Digest 5)
    SHA-1 (Secure Hash Algorithm)
Public Key Infrastructure (PKI)
Equipment
  Cisco VPN 3000 Series Concentrator v3.6.7.F Concentrators
  Cisco VPN 3002 Hardware Client
Site-to-site VPN hardware under consideration
  Cisco Series 3000 VPN concentrator (model 3030) – firmware FIPS 3.6.7.F
  The Cisco 3002 VPN Client - firmware FIPS 3.6.7.F
Hardware Deployment Strategy
  Resources Not Provided by WSP
  Resources Provided by WSP
Physical Requirements
  Cisco 3030 Concentrator
  Cisco 3002 Client
  Uninterruptible Power Source (UPS)
Physical Security
  Serialized Tamper-Evident Labels
  Configuration Files
  Key protection
  Firewall functionality
  Access Controls
  Management and Configuration Interface Restrictions
Reliability
  Redundant encryption modules for the Cisco 3030
  Redundant power supply
  Power Source
  Dynamic failover
Addressing single points of failure
  Availability of Operational Spares
  Minimum Recommended Operational Spares
  Failure Procedures
Scalability
Risk Analysis
Testing
  Testing process
  Configuring the device to meet FIPS Pub 140-2 standards
  Determining which features of the Cisco 3030 should be implemented
  Bandwidth calculations
  Configuring firewall rules
  Determining test environment availability
  Developing installation/setup procedure templates
  Documenting the Cisco 3002 client configuration
  Developing fault isolation (troubleshooting) procedures
  Determining the Cisco baseline
  Special equipment
  Figure 4
  Figure 5
The Crypto Officer Role
Network management and auditing
Operational Modes
  Data initiated
  Continuous Tunnel
  Policy and Filters
Network Performance Factors
Operational Impact during Deployment
  Figure 6
Impact On Existing Network
Resources
Document Delivery
Appendix A - Glossary

Executive Summary
     The intention of this report is to walk the reader through the issues and options
     requiring evaluation to secure the existing network used by the Washington State
     Patrol (WSP) ACCESS messaging system. The FBI Criminal Justice Information
     Services Division Security Policy Version 4.1, section 7.8 defines the
     requirements which must be met by the ACCESS messaging system.

      This document will explore the possible options for each step, presenting the
      pros and cons of each.

      The ACCESS messaging system uses the Intergovernmental Network (IGN) to
      receive text messages from the regional sites. ACCESS will respond to the
      message and return a text message containing a response. This process is
      asynchronous.

      The IGN is a shared private network over which the WSP has no direct control.
      To conform to the CJIS Security Policy, the method used to secure the ACCESS
      messaging system will require designing a system which will provide end-to-end
      security through the IGN.

      Although the IGN is a shared private network, the characteristics are similar to
      those of a public network. Secure communications over an unsecured network
      require protecting the data by means of encryption protocols. This form of
      protection is usually described as a Virtual Private Network.

      Primary areas included in the Assessment Report are:
          Standards
          Deployment strategies
          Topologies
          Encryption schemes
          Risk assessment methods
          Testing
          Reliability and scalability
          Impact on regional sites

It is beyond the scope of this report to make design recommendations.
These will be made in subsequent documents. We are, however, starting
with the assumption that the design will be predicated on the use of the
Cisco 3030 VPN Concentrator at the head end and on the use of the
Cisco 3002 VPN hardware client and possibly other Cisco devices at
regional sites. This assumption has been made primarily in light of the
familiarity and experience with Cisco devices, particularly Cisco security-
related devices, at the majority of the regional sites in question and at the
WSP network.
At the time of this writing, R Systems' consultants have been able to
obtain only general information regarding the operations of the WSP
ACCESS messaging system. It is our expectation that by the time specific
recommendations appear in the forthcoming design document the R
Systems consultants will have attained a more complete understanding of
the nuances of the ACCESS messaging system.
This assessment report contains statements based on our current
understanding of the WSP ACCESS messaging system and our
expectations as to what will be involved in securing the ACCESS
messaging system in conformance with the requirements set forth in the
CJIS Security Policy v2.4, section 7.8. All such statements are subject to
certain risks and uncertainties that could cause actual results to differ
materially from those anticipated in this report.
Standards
     The WSP ACCESS Encryption Project is designed to address the
     standards and expectations defined in the FBI Criminal Justice Information
     Services Division Security Policy Version 4.1. The CJIS Security Policy
     provides the minimum level of Information Technology security
     requirements determined acceptable for the transmission, processing and
     storage of the nation's CJIS data.

      Section 7.8 of the FBI Criminal Justice Information Services Division
      Security Policy deals with encryption. It requires that all CJIS data
      transmitted through any public network segment or over dial-up or Internet
      connections shall be protected with a minimum of 128-bit encryption. Each
      cryptographic module must be certified by the National Institute of
      Standards and Technology's Computer Systems Laboratory to ensure that
      it meets the standards set forth in FIPS Publication 140-2, "Security
      Requirements for Cryptographic Modules." This will, in effect, render the
      long established 64-bit Data Encryption Standard of secret key encryption
      and decryption unacceptable for use by the law enforcement community.

      Keeping this in mind, the WSP ACCESS Encryption Project will seek to
      design and deploy an encryption architecture in keeping with both CJIS
      Security Policy and FIPS-Pub 140-2 requirements. These dictate key
      management procedures including key generation, key distribution,
      emergency procedures, key recovery and key escrow, all of which will be
      covered later in this document.

Deployment Scenarios (Options)
     The current deployment model places the Cisco 3030 Concentrator within
     the WSP data center, at the perimeter, outside the WSP firewall.
     Messages received from the regional applications would be
     unencapsulated and decrypted at the concentrator. Data would then be
     passed to the firewall in plaintext. The link from the concentrator will
     need to be secure so that the plaintext messages are not commingled with
     any other network traffic.

      The following three figures are examples of some possible deployment
      scenarios.

      The scenario represented by Figure 1 would be ideal in that the
      Cisco 3002 client would be logically located at the point where the
      message originates from the regional application server. Plaintext data
      would not traverse any intervening network segments.
Figure 1
     Figure 2 represents a scenario where the Cisco 3002 client is located on
     the perimeter of the regional site's local area network. This deployment
     would require that the regional site be responsible for maintaining the
     integrity of the data from the regional application server to the point where
     it reaches the Cisco 3002 client.

Figure 2
      Figure 3 represents a deployment scenario where existing equipment
      (router, firewall etc.) would be upgraded to meet the requirements of CJIS
      Security Policy v4.1.

Figure 3




Building an Encryption Infrastructure
      There are a number of ways of establishing secure, reliable connectivity
      over a network. This can be accomplished on either Layer 2 (the Data Link
      Layer) or Layer 3 (the Network Layer) of the OSI reference model. In the
      context of the Internet, these secure connectivity solutions are called
      Virtual Private Networks (VPN), but most of these options are equally
      applicable to private network environments.

      A VPN is a secured private network that uses the public Internet to either
      connect remote users to an organization's internal network or establish a
      seamless connection between the organization's physically isolated sites.
      Since a VPN uses the Internet, it must provide security features like
      encryption and strong authentication to protect the confidentiality of
      internal organizational data.

      It is possible for an organization to create a VPN-like encryption structure
      that can operate within a larger shared private network over which that
      organization has no direct control.
In Washington State, the Intergovernmental Network (IGN) provides a
single dedicated communication link among cities, counties, and state
agencies that require critical access to organizational databases. The
anchor tenants of the IGN are the Department of Health, Washington
State Patrol, Washington Courts, and Department of Social and Health
Services. Operating as a statewide intranet, the IGN gives county health
departments, courts and law enforcement access to critical state
information through a cost-effective network solution.

While the IGN provides a secure channel for a range of governmental
organizations, by the nature of the network, the WSP can exert no direct
control over it. For WSP to adhere to FBI CJIS Security Policy Version 4.1,
section 7.8, it has become necessary for it to create an encryption
infrastructure of its own within the intranet environment of the IGN.

Within such an environment, issues such as configuration and operations
need to be addressed. These must take into account the split in
administrative responsibility between the service provider, in this instance
the IGN, and the service user, in this case, the Washington State Patrol.

A key feature of the larger intranet environment is the control of who can
access what data, which is essentially a policy decision. Policy decisions
are typically enforced at the interconnection points between the different
domains that, in this case, comprise the larger intranet.

The enforcement may be done via a firewall, a router with access list
functionality, an application gateway, or any similar device capable of
applying policy to transit traffic. Policy controls may be implemented within
an individual domain in addition to between domains on the intranet. The
interconnections between these domains or sub-networks themselves
constitute a network, maintained in this instance by the state of
Washington. This larger network could itself be a VPN or, as in the case of
the IGN, a physical network.

The introduction of self-contained encryption structures into this intranet
does not necessarily require any change to the physical network. Keep in
mind that the IGN intranet constitutes a physical network, and any WSP
encryption architecture must be built within the context of that existing
physical network. As the IGN is a routed network, the WSP has no control
over physical and data-link topologies such as ATM or Frame Relay.
Thus, it can be safely assumed that a Layer 2-based VPN-like network
cannot be considered a realistic option.
Network Layer Encryption Strategies

     For the purposes of this project, we will use the terms encryption
     structure and VPN-like network interchangeably to describe a private
     network operating within a larger shared network to establish a seamless
     connection between physically isolated sites with common concerns.
     If the delivery header is at Layer 3 (Network Layer) of the OSI reference
     model, that connection between sites can be defined as a Layer 3 VPN, or
     in this instance a Layer 3 VPN-like network. Common examples of Layer 3
     VPNs are GRE, MPLS, and IPSec VPNs. GRE and IPSec use point-to-
     point connectivity between two sites. MPLS uses any-to-any connectivity
     to the many sites sharing an MPLS encryption structure.

     GRE (Generic Routing Encapsulation) Tunnels
     A generic routing encapsulation (GRE) tunnel connects two sites that
     have IP reachability. As the private data between the sites is encapsulated
     in a GRE delivery header, this can be described as an encryption
     structure. It is possible to connect numerous sites using GRE tunnels. In
     this model, each site requires only the physical connectivity provided by
     the larger network as all of the connections between sites are over GRE
     tunnels. Although such VPN-like networks using GRE are possible, they
     are rarely used for sensitive data due to the inherent risks and lack of
     strong security mechanisms associated with GRE. In the IPSec section of
     this document, we will refer again to GRE in the context of GRE tunnels
     operating under IPSec protection.

     MPLS (Multi-Protocol Label Switching)
     Although MPLS has other applications, the primary motivation for
     deploying MPLS is to create multi-site (meshed) VPNs. MPLS supports
     both Layer 2 and Layer 3 VPNs. MPLS Layer 3 VPNs allow a service
     provider (in this instance the IGN) to provision site-to-site VPNs over a
     shared IP backbone, while maintaining complete logical separation of site-
     to-site traffic (in this case the VPN ACCESS messaging system traffic)
     and routing information.
     Each site-to-site VPN consists of several geographically dispersed sites.
     IP connectivity between sites is provisioned over the provider backbone.
     There are two basic VPN models:
              The overlay model, in which there would be no exchange of
                 routing information between the WSP ACCESS encryption
                 structure and the IGN
              The peer model, in which routing information would be
                 exchanged between the WSP ACCESS encryption structure
                 and the IGN
     The peer model would appear to be unacceptable because it would call for
     a routing information exchange between the WSP ACCESS encryption
        structure and the larger network (IGN), which would not conform to CJIS
        Security Policy.
        In terms of the overlay model, the question requiring resolution would be
        whether there would need to be more coordination between the encryption
        structure and the larger network than either the WSP or the IGN might be
        prepared to accept.
        One clear downside to sole dependence on an MPLS VPN structure is
        that MPLS does not provide confidentiality, so an integration of IPSec and
        MPLS encryption would be necessary.
        There are two clear advantages to employing MPLS.
                 One is that it significantly lowers the overhead of maintaining a
                    full mesh between all sites participating in the encryption
                    structure, allowing each site to maintain an encryption-
                    decryption relationship with every other site.
                 The other advantage of using MPLS is that it supports Quality of
                    Service (QOS), enabling a prioritization of packets that would
                    make Voice over IP and multimedia encrypted transmission
                    viable.
        In the case of the WSP ACCESS encryption structure, all encrypting and
        decrypting would occur between the regional sites and the WSP head
        end, not between the regional sites, making a mesh model unnecessary.
        Further, as ACCESS is entirely an asynchronous text-based messaging
        service, support for QOS would be unnecessary.
        Because neither of MPLS's clear advantages would be helpful to this
        encryption structure, it would be hard to justify the increased complexity in
        installation, maintenance and trouble-shooting that would be caused by
        the integration of MPLS and IPSec VPN-like networks.

IPSec
        IPSec is a suite of protocols developed to achieve secure services over IP
        packet-switched networks. IPSec services allow for authentication, data
        integrity, access control, protection against replay, and data confidentiality.
        With IPSec, the information exchanged between remote sites can be
        encrypted and verified.

        The IPSec suite consists of (1) protocols for securing packet flows and (2)
        key exchange protocols used for setting up those secure flows.

        To appreciate the IPSec security protocols, you need to understand the
        two IPSec modes:

               Transport Mode
             Used primarily to protect traffic between two hosts. An IPSec
             header is inserted between the IP header and the upper layer
             protocol header.
             Tunnel Mode
             Encapsulates the original IP packet in another IP datagram. An
             IPSec header is inserted between the inner and outer headers.
             Because of this encapsulation with an "outer" IP packet, tunnel
             mode can be used to provide security services between sites on
             behalf of IP nodes behind the gateway router at each site.

      There are two protocols designed to secure packet flows:
                Encapsulating Security Payload (ESP)
                Provides authentication, data confidentiality and message
                integrity
                Authentication Header (AH)
                Provides authentication and message integrity, but does not
                offer confidentiality (which is why it is not used as pervasively as
                ESP).

Internet Key Exchange (IKE)
      The IKE protocol is the one key management protocol standard generally
      used in conjunction with the IPSec standard. IPSec can be configured
      without IKE, but IKE enhances IPSec by providing additional features,
      flexibility, and ease of configuration for the IPSec standard.
      IKE is a hybrid protocol which implements the Oakley Key Exchange and
      Skeme Key Exchange inside the Internet Security Association and Key
      Management Protocol (ISAKMP) framework. (ISAKMP, Oakley, and
      Skeme are security protocols implemented by IKE.)

      Security Association (SA)
      An SA is a basic building block of IPSec. An SA is an entry in the SA
      database (SADB), which contains information between two parties for IKE
      and IPSec. There are two types of SAs:
                              IKE or ISAKMP SA
                              IPSec SA

      Both SA types are established between IPSec peers using the IKE
      protocol. IKE SAs between peers are used for control traffic. There is only
      one IKE SA between peers, and it usually has less traffic and a longer
      lifetime than IPSec SAs.
      IPSec SAs are used for negotiating the encryption algorithms to apply to IP
      traffic between the peers, based on policy definitions that define the type
      of traffic to be protected. Because they are unidirectional, at least two
      IPSec SAs are needed (one for inbound traffic, one for outbound traffic). It
      is possible to have multiple pairs of SAs between peers. IPSec SAs
      usually have more traffic and a shorter lifetime than IKE SAs.
      The establishment and maintenance of both ISAKMP/IKE SAs and IPSec
      SAs is a major function of the IKE protocol.

      Security Policy Database (SPD)
      The SPD provides storage for security policies applied to inbound and
      outbound IP packets.
      The SPD defines these selectors to identify packets that require IPSec
      services:
                       Destination IP address
                       Source IP address
                       Name
                       Data sensitivity level
                       Transport Layer protocols
                       Source and destination ports
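
      The SPD selector matching and the unidirectional IPSec SA pairs described above, as an added example that is not part of the original report. The addresses, TCP port 5000, SPI values and class names are constructed for illustration; PROTECT, BYPASS and DISCARD are the SPD processing choices from RFC 4301, and the Name and data sensitivity selectors are omitted.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PROTECT, BYPASS, DISCARD = "PROTECT", "BYPASS", "DISCARD"  # RFC 4301 SPD actions


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Policy:
    """One SPD entry: selectors plus the action to take on a match."""
    name: str
    src_net: str
    dst_net: str
    proto: Optional[str]   # None matches any transport protocol
    dport: Optional[int]   # None matches any destination port
    action: str

    def _addr_ok(self, src, dst):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_net))

    def matches(self, p):
        """Outbound direction: packet travels src_net -> dst_net."""
        return (self._addr_ok(p.src, p.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

    def matches_reply(self, p):
        """Inbound direction: the same selectors with the endpoints swapped."""
        return (self._addr_ok(p.dst, p.src)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.sport))


class Gateway:
    def __init__(self, address, spd):
        self.address = address
        self.spd = list(spd)     # ordered: first matching entry wins
        self.outbound_sa = {}    # policy name -> SPI used when sending
        self.inbound_sa = {}     # SPI -> policy the SA was negotiated for

    def install_sa_pair(self, policy_name, spi_out, spi_in):
        """IPSec SAs are unidirectional, so one policy needs two of them."""
        policy = next(p for p in self.spd if p.name == policy_name)
        self.outbound_sa[policy_name] = spi_out
        self.inbound_sa[spi_in] = policy

    def send(self, packet):
        policy = next((p for p in self.spd if p.matches(packet)), None)
        if policy is None or policy.action == DISCARD:
            return (DISCARD, None)          # default deny: no policy, no traffic
        if policy.action == BYPASS:
            return (BYPASS, None)
        spi = self.outbound_sa.get(policy.name)
        if spi is None:
            # A real gateway would ask IKE for an SA here. The packet must
            # never fall back to cleartext while it waits.
            return (DISCARD, None)
        return (PROTECT, spi)

    def accept_inbound(self, spi, inner):
        """After decryption, the inner packet must fit the SA's policy."""
        policy = self.inbound_sa.get(spi)
        return policy is not None and policy.matches_reply(inner)


def build_regional_gateway():
    """Constructed SPD for a regional site (all values are placeholders)."""
    spd = [
        # IKE between the two gateways must itself travel unprotected.
        Policy("ike", "192.0.2.10/32", "198.51.100.1/32", "udp", 500, BYPASS),
        # Messaging traffic from the regional LAN to the head end.
        Policy("access", "10.20.0.0/24", "10.1.0.0/24", "tcp", 5000, PROTECT),
    ]
    return Gateway("192.0.2.10", spd)


if __name__ == "__main__":
    gw = build_regional_gateway()
    msg = Packet("10.20.0.5", "10.1.0.9", "tcp", 40000, 5000)
    print("before IKE:", gw.send(msg))
    gw.install_sa_pair("access", spi_out=0x1001, spi_in=0x2001)
    print("after IKE: ", gw.send(msg))
    print("reply ok:  ", gw.accept_inbound(
        0x2001, Packet("10.1.0.9", "10.20.0.5", "tcp", 5000, 40000)))
```

      The entries are evaluated in order and anything unmatched is dropped, so a missing or misordered policy fails closed rather than leaking plaintext onto the shared network.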

IPSec Connection Models
      Connection models are the mechanisms that are used to provide
      protected communication between encryption endpoints. The three most-
      used connectivity models are:
                      IPSec model
                      GRE model
                      Remote access model.

      As the WSP ACCESS Encryption Project is limited to site-to-site
      connectivity, the remote access model (which is user-to-site based) is
      beyond the scope of this document.

      IPSec Model
      The simplest connectivity model is achieved by creating an IPSec
      encryption structure between two sites, which is commonly referred to as
      site-to-site connectivity using the IPSec model.
               Advantages
                     o Conceptually simple to understand
                     o Protects unicast traffic from one subnet to another
               Disadvantages
                     o Not scalable – IPSec proxy statements behave as static
                        routes
                     o Lack of support for IP multicasting prevents use of
                        current dynamic routing protocols.

      Border Gateway Protocol (BGP)
      BGP is normally used as an external gateway protocol, but it can also be
      used internally. As BGP runs on top of TCP, it does not rely on
      multicasting. However, the complexity of this policy-driven path-vector
      protocol would cause it to be considered only as a last resort.

      GRE Model
      The use of GRE tunnels with IPSec transport mode is more secure than
      the GRE tunnel encryption strategy discussed earlier. As GRE tunnels
      support multicasting, the combination of GRE tunnel and IPSec protection
      decouples the dynamic routing requirements, and subnet-to-subnet traffic
      flow from the IPSec protection policy.

Reconciling IPSec and Network Address Translation (NAT)
     NAT is typically used to connect a private network with private IP
     addresses to a public or shared network. Because private addresses may
     not be routable on a larger public or shared network, NAT replaces the
     private IP addresses with addresses that are routable on the larger
     network. Keep in mind that to function, NAT doesn't just swap IP source
     and destination addresses, but it may also swap TCP source and
     destination ports, change the TCP sequence and acknowledgment
     numbers, and change IP addresses contained in the data payload. NAT is
     supposed to be transparent to whatever applications it works with, but this
     assumption is not true when NAT is used in conjunction with IPSec.

      AH protects the entire IP packet through a message digest algorithm to
      produce a keyed hash. As the recipient uses the hash to authenticate the
      packet, if any field in the original packet is modified, authentication will fail
      and the recipient will discard the packet. AH therefore does not work through NAT.

      On the other hand, the hash created by ESP does not include the outer
      packet IP header fields. This solves one problem, but leaves others. ESP
      in transport mode will still fail through NAT, for several reasons. For example,
      ESP authentication will fail if NAT updates the TCP checksum, but TCP
      verification will fail if NAT does not update the checksum.

      In tunnel mode, NAT and ESP can work together when the NAT
      translation is 1:1 on addresses with no multiplexing of inside addresses to
      a single outside address using the transport layer port for differentiation.
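
The three cases above (AH, ESP transport mode, ESP tunnel mode) can be reproduced with a small model. This is an added example, not part of the original report: packets are simplified dictionaries, ESP encryption is omitted so that only integrity coverage is modelled, and all names, keys and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"            # constructed sample integrity key
ESP_HDR = struct.pack("!II", 0x1001, 1)  # constructed SPI and sequence number


def ip(addr):
    return ipaddress.IPv4Address(addr).packed


def checksum16(data):
    """One's-complement Internet checksum, as used by TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def make_segment(src, dst, payload):
    """Toy TCP segment: 2-byte checksum + payload. As in real TCP, the checksum
    covers a pseudo-header holding the source and destination IP addresses."""
    body = b"\x00\x00" + payload
    pseudo = ip(src) + ip(dst) + struct.pack("!BBH", 0, 6, len(body))
    return struct.pack("!H", checksum16(pseudo + body)) + payload


def segment_ok(src, dst, segment):
    return segment == make_segment(src, dst, segment[2:])


def icv(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96


def send(mode, src, dst, payload, gw_src=None, gw_dst=None):
    if mode == "ah":                 # keyed hash covers the IP addresses
        body = make_segment(src, dst, payload)
        tag = icv(ip(src) + ip(dst) + body)
    elif mode == "esp-transport":    # keyed hash starts at the ESP header
        body = ESP_HDR + make_segment(src, dst, payload)
        tag = icv(body)
    else:                            # "esp-tunnel": inner packet is wrapped whole
        body = ESP_HDR + ip(src) + ip(dst) + make_segment(src, dst, payload)
        tag = icv(body)
        src, dst = gw_src, gw_dst    # outer header carries gateway addresses
    return {"mode": mode, "src": src, "dst": dst, "body": body, "icv": tag}


def nat(pkt, new_src, fix_tcp_checksum=False):
    """Rewrite the (outer) source address; optionally also patch the TCP checksum."""
    out = dict(pkt, src=new_src)
    if fix_tcp_checksum and pkt["mode"] == "esp-transport":
        payload = pkt["body"][8:][2:]
        out["body"] = ESP_HDR + make_segment(new_src, pkt["dst"], payload)
    return out


def receive(pkt):
    """Return (integrity_ok, tcp_checksum_ok) as seen by the receiving peer."""
    body = pkt["body"]
    if pkt["mode"] == "ah":
        covered = ip(pkt["src"]) + ip(pkt["dst"]) + body
        auth = hmac.compare_digest(pkt["icv"], icv(covered))
        return auth, segment_ok(pkt["src"], pkt["dst"], body)
    auth = hmac.compare_digest(pkt["icv"], icv(body))
    if pkt["mode"] == "esp-transport":
        return auth, segment_ok(pkt["src"], pkt["dst"], body[8:])
    inner_src = str(ipaddress.IPv4Address(body[8:12]))
    inner_dst = str(ipaddress.IPv4Address(body[12:16]))
    return auth, segment_ok(inner_src, inner_dst, body[16:])


def demo():
    inside, public, peer = "10.1.1.10", "192.0.2.1", "203.0.113.5"  # constructed
    data = b"constructed ACCESS query"
    esp_t = send("esp-transport", inside, peer, data)
    tunnel = send("esp-tunnel", inside, "10.2.2.20", data,
                  gw_src="10.1.1.1", gw_dst=peer)
    return {
        "ah": receive(nat(send("ah", inside, peer, data), public)),
        "esp-transport": receive(nat(esp_t, public)),
        "esp-transport, NAT patches checksum": receive(nat(esp_t, public, True)),
        "esp-tunnel, 1:1 NAT": receive(nat(tunnel, public)),
    }


if __name__ == "__main__":
    for case, (auth, tcp) in demo().items():
        print(f"{case:38s} integrity={auth!s:5s} tcp_checksum={tcp}")
```

Only the tunnel-mode packet passes both checks after translation, because both the keyed hash and the inner TCP checksum are computed over addresses the NAT never touches.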

      IKE has problems when NAT devices transparently modify outgoing
      packets. If a device depends on incoming packets being sent from UDP
      port 500, IKE negotiation will not even begin as the final packet port will
      not be the expected port. Also, if IKE authentication is based on the IP
      addresses, NAT device changes will cause IKE negotiation to fail.
The easiest way to get around IPSec issues with NAT is to avoid the
problem by performing NAT before IPSec. We are devoting attention to
NAT by including this section in this report because it is possible that at
some of the larger remote sites, the encryption client may have to reside
on NATed address space. If this were the case, there are several other
options for tackling IPSec issues with NAT.

NAT Traversal (NAT-T)
NAT-T allows IPSec traffic to travel through NAT points in the network. There
are three parts to NAT-T:
         • Determining if the remote client (within the regional site) can
           support NAT-T.
         • Detecting the presence of a NAT function along the path
           between the peers within the regional site.
         • Determining how to deal with NAT using UDP encapsulation.
IPSec Pass-through
Supports IKE and ESP (IP Protocol 50) only in tunnel mode through an
IOS Port Address Translation (PAT) box. As the IP header is not
authenticated in ESP, NAT is able to change IP addresses.
IKE Passing Through PAT
Works because IKE uses UDP port 500. If there is just one device behind
the NAT/PAT box, IKE will pass unmodified as standard UDP traffic. When
there is more than one IPSec device behind the PAT gateway, a unique
delimiter is required to identify the IKE session for each of the IPSec
endpoints.
ESP Passing Through PAT
Needs to use a unique field that is accessible to PAT to multiplex. That
field is the Security Parameter Index (SPI), part of the ESP header. When
there is just one IPSec endpoint passing through the PAT gateway, the SPI
can be used to map to the translation. However, as the IPSec SA is
unidirectional, when more than one IPSec endpoint exists behind the PAT
gateway and they all maintain established connections to the same
remote peer, there is a problem. The returning packets have a different
SPI and the PAT gateway, sitting in the middle, has no way of associating
inbound and outbound SPIs. The next option, "Restricted ESP Through PAT
Mode", addresses that problem.
Restricted ESP Through PAT Mode
Allows PAT to serially establish translation tables on ESP traffic initiated
from inside IPSec endpoints to an outside IPSec endpoint. When the
outside endpoint starts replying, PAT correctly assumes the replies are
associated with the only outstanding IPSec session and binds the two SPIs in the
translation. The next inside IPSec endpoint is now allowed to send ESP
traffic and establish its unique translation map.
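
The SPI association problem and the serialized binding of the restricted mode can be modelled in a few lines. This is an added example, not part of the original report and not any vendor's implementation: the class, its method names, the addresses and the SPI values are all constructed for illustration.

```python
class EspPat:
    """PAT gateway tracking ESP flows by SPI (ESP has no ports to multiplex on)."""

    def __init__(self, restricted):
        self.restricted = restricted
        self.seen = set()      # (inside host, peer, outbound SPI) already forwarded
        self.waiting = {}      # peer -> inside hosts whose inbound SPI is unknown
        self.inbound_map = {}  # (peer, inbound SPI) -> inside host

    def outbound(self, inside_ip, peer, spi):
        """Forward an ESP packet from an inside endpoint; False means held back."""
        if (inside_ip, peer, spi) in self.seen:
            return True
        queue = self.waiting.setdefault(peer, [])
        if self.restricted and queue:
            return False       # serialize: one unbound session per peer at a time
        queue.append(inside_ip)
        self.seen.add((inside_ip, peer, spi))
        return True

    def inbound(self, peer, spi):
        """Return the inside host for a returning ESP packet, or None to drop it."""
        key = (peer, spi)
        if key in self.inbound_map:
            return self.inbound_map[key]
        queue = self.waiting.get(peer, [])
        if len(queue) != 1:
            return None        # no candidate, or several: SPIs cannot be associated
        self.inbound_map[key] = queue.pop()
        return self.inbound_map[key]


# Constructed sample values: one remote peer, two inside IPSec endpoints.
PEER = "203.0.113.5"
HOST_A, HOST_B = "10.1.1.10", "10.1.1.11"
SPI_A_OUT, SPI_A_IN = 0xA0000001, 0x0A0000A1
SPI_B_OUT, SPI_B_IN = 0xB0000001, 0x0B0000B1


def two_endpoints(restricted):
    """Both inside endpoints open ESP sessions to the same peer."""
    pat = EspPat(restricted)
    return [
        ("A out", pat.outbound(HOST_A, PEER, SPI_A_OUT)),
        ("B out", pat.outbound(HOST_B, PEER, SPI_B_OUT)),
        ("reply to A", pat.inbound(PEER, SPI_A_IN)),
        ("B out (retry)", pat.outbound(HOST_B, PEER, SPI_B_OUT)),
        ("reply to B", pat.inbound(PEER, SPI_B_IN)),
        ("later reply to A", pat.inbound(PEER, SPI_A_IN)),
    ]


if __name__ == "__main__":
    for mode in (False, True):
        print("restricted" if mode else "unrestricted")
        for step, result in two_endpoints(mode):
            print(f"  {step:18s} -> {result}")
```

In the unrestricted run both replies are dropped because two sessions are outstanding at once; in the restricted run the second endpoint is held until the first pair of SPIs is bound.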
Encryption techniques
     Encryption is a process that transforms a piece of information into an
     incomprehensible form.
          • Input is called plaintext
          • Output is called ciphertext
     Decryption is the reverse process of transforming ciphertext into plaintext.

      Symmetric (secret) key encryption and decryption uses just one key called
      a shared secret key for both encrypting and decrypting data. Until
      relatively recently, encryption was synonymous with symmetric key
      encryption. There are two types of cipher used in symmetric key
      encryption, stream ciphers and block ciphers.

           • A stream cipher is one that encrypts a digital data stream one bit
             or one byte at a time. The stream cipher is the older of the two
             symmetric key ciphers and has largely fallen out of use.
           • A block cipher is one in which a block of plaintext is treated as a
             whole and used to produce a ciphertext block of equal length.
             Traditionally, a block size of 64 or 128 bits has been used.
             Virtually all symmetric block encryption systems in current use are
             based on a structure called the Feistel block cipher.

      How a Feistel network is structured depends on the choice of the following
      parameters and design features:
             Block size
             Key size
             Number of rounds (The typical number is 16.)
             Subkey generation algorithm
             Round function
      Two other considerations in the design of a Feistel cipher are:
             Fast software encryption/decryption
             Ease of analysis

Data Encryption Standard (DES)
      DES was the first widely used block algorithm. In general, DES takes as
      input a 64 bit key, of which only 56 bits are used. Given the technology of
      the 1970's, DES was a very successful cipher. As computers got more
      powerful however, simple DES no longer provided the needed security.
      No easy attack has been found to break DES. The simplest method is to
      use brute force to search the keyspace. This involves trying out 2^55 keys.
      Simple DES can be cracked in a reasonable time and hence cannot be
      considered secure any more.
      In 1998, the RSA Challenge II contest was won by Electronic Frontier
      Foundation. They cracked DES in 56 hours using a supercomputer.
      In 1999, Distributed.net won Challenge III cracking DES in 22 hrs.
      Dedicated hardware can be built to crack DES in a far shorter time than
      those just referred to. For an investment of $1 million, DES can be
      cracked in less than an hour.

Triple DES (3DES)
       In 1999, the National Institute of Standards and Technology (NIST)
       defined 3DES. 3DES uses three stages of DES so it is much more secure
       and suffices for most applications currently.
       There are several ways to use DES three times; not all are Triple-DES
       and not all are as secure. Triple-DES is defined as performing a DES
       encryption, then a DES decryption, and then a DES encryption again.
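
The Feistel design parameters listed earlier and the encrypt-decrypt-encrypt composition just described can be seen together in a toy cipher. This is an added example, not part of the original report and not DES itself: the round function and subkey schedule are SHA-256 stand-ins chosen for brevity, and all function names are illustrative.

```python
import hashlib

ROUNDS = 16               # number of rounds (the typical number cited above)
HALF_BITS = 32            # block size is 64 bits, split into two 32-bit halves
MASK = (1 << HALF_BITS) - 1


def subkeys(key):
    """Subkey generation: one 32-bit subkey per round (stand-in schedule)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]


def round_function(half, subkey):
    """Round function F: need not be invertible for the network to be."""
    data = half.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block, round_keys):
    left, right = block >> HALF_BITS, block & MASK
    for k in round_keys:
        left, right = right, left ^ round_function(right, k)
    return (right << HALF_BITS) | left      # final swap of the halves


def encrypt(block, key):
    return feistel(block, subkeys(key))


def decrypt(block, key):
    # Same network, subkeys applied in reverse order.
    return feistel(block, subkeys(key)[::-1])


def ede_encrypt(block, k1, k2, k3):
    """Triple encryption in the encrypt-decrypt-encrypt order."""
    return encrypt(decrypt(encrypt(block, k1), k2), k3)


def ede_decrypt(block, k1, k2, k3):
    return decrypt(encrypt(decrypt(block, k3), k2), k1)


if __name__ == "__main__":
    plaintext = 0x0123456789ABCDEF          # constructed 64-bit sample block
    k1, k2, k3 = b"key-one", b"key-two", b"key-three"
    c = ede_encrypt(plaintext, k1, k2, k3)
    print(f"EDE ciphertext: {c:016x}")
    print(f"round trip ok : {ede_decrypt(c, k1, k2, k3) == plaintext}")
    # With all three keys equal, EDE collapses to a single encryption.
    print(f"single-key EDE == single encryption: "
          f"{ede_encrypt(plaintext, k1, k1, k1) == encrypt(plaintext, k1)}")
```

The single-key case shows why the middle stage is a decryption: a triple-encryption device loaded with one repeated key interoperates with single encryption, and for the same reason gains no strength from it.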

   The Pros and Cons of 3DES
         Advantages
             • It is easy to implement in both hardware and software compared
               to other algorithms.
             • It is based on DES which is a very trusted cipher. DES has been
               studied thoroughly for over 25 years now and is proven to have
               sound basics though the key length is too small now.
             • It can give an acceptable level of security given the current
               computing power.
             • It is much faster than public key cryptography methods like the
               RSA method. This is one of the main advantages of using a
               system like 3DES for extensive message encryption and
               decryption.
         Disadvantages
             • Newer algorithms are much faster than 3DES since they were
               built much later, and with performance as an objective they offer
               many features 3DES does not.
             • The transmission of the secret key between users is unsafe.
               This is where public key cryptography excels.
             • The new AES standard has been specified by the U.S.
               government as its standard, so many systems are in the
               process of making the shift to it.

      Advanced Encryption Standard (AES)

      AES, also known as Rijndael, is a block cipher adopted as an encryption
      standard by the US government. It is expected to be used worldwide and
      analyzed extensively as was the case with its predecessor, the Data
      Encryption Standard (DES). It was adopted by NIST as US FIPS PUB 197
      in November 2001 after a five year standardization process.
      AES has a fixed block size of 128 bits and a key size of 128, 192 or 256
      bits. For encryption, each round of AES (except the last round) consists of
      four stages:
                  SubBytes — a non-linear substitution step where each byte
                    is replaced with another according to a lookup table.
                  ShiftRows — a transposition step where each row of the
                    state is shifted cyclically a certain number of steps.
                  MixColumns — a mixing operation which operates on the
                    columns of the state, combining the four bytes in each
                    column using a linear transformation.
                  AddRoundKey — each byte of the state is combined with the
                    round key; each round key is derived from the cipher key
                    using a key schedule.

Key Management Procedures
     Key Management Procedures are described in CJIS Security Policies
     Appendix 9C, "Guidelines and Recommendations for Effective Encryption
     Key Management".
     The proper management of cryptographic keys is essential to the effective
     use of cryptography for security. Ultimately, the security of information
     protected by cryptography directly depends on the protection afforded the
     keys.
            Secure Key Management
            Provides the foundation for the secure generation, storage,
            distribution, and translation of keys. One of the fundamental
            principles for protecting keys is the practice of split
            knowledge and dual control.
            Key Generation
            The most sensitive of all cryptographic functions. Any inadequacies
            in the implementation of the key generation function or in the
            physical security safeguards of that function will seriously
            undermine the integrity of other cryptographic mechanisms.
            Key Use
                 Cryptographic keys may need special physical protection.
                 Authentication timeout features are important for protecting
                    keys from compromise or misuse.
                 Sign all centrally stored data and encrypt sensitive data,
                    such as secret keys that are used to provide confidentiality.
                 Provide for key recovery capabilities.
            Key Archiving
                     Needed for a sufficiently long crypto-period.
            Key Destruction
            Determines reasonable lifetimes for keys associated with different
            types of users.
                    • Handles the deactivation/revocation of keys so that data
                      signed prior to a compromise date (or date of loss) can be
                      verified.

Asymmetric (Public) Key Encryption
    As modern computers began to render many encoding schemes useless,
    Martin Hellman and Whitfield Diffie developed a method that seemed to
    guarantee secure communications without the need for a secret key.
    Public-key encryption is a form of encryption that generally allows users to
    communicate securely without having prior access to a shared secret key
    by using a pair of cryptographic keys, designated as public key and private
    key, which are related mathematically.
    In public key encryption, the private key is generally confined to its
    designated machine, while the public key may be widely distributed. In a
    sense, one key "locks" a lock; while the other is required to unlock it. It
    should not be possible to deduce the private key of a pair given the public
    key.

      Note that most public key algorithms are relatively computationally costly,
      in comparison with many symmetric key algorithms of apparently
      equivalent security. This fact has important implications for their practical
      use. Most are used in hybrid cryptosystems for reasons of efficiency. A
      hybrid cryptosystem is one in which a secret key is generated for each
      message and used to encrypt the message; the much briefer secret key is
      then encrypted to each recipient's public key. The recipient uses the
      corresponding private key to decrypt the secret key, which she then uses
      to decrypt the message.

      RSA
      The RSA algorithm is a public-key cryptosystem that offers both
      encryption and digital signatures (authentication). Ronald Rivest, Adi
      Shamir, and Leonard Adleman developed the RSA system in 1977.

      Here is a simple mathematical description of the RSA algorithm:
         • Find P and Q, two large (e.g., 1024-bit) prime numbers.
         • Choose E such that E and (P-1)(Q-1) are relatively prime, which
             means they have no prime factors in common.
         • Compute D such that (DE - 1) is evenly divisible by (P-1)(Q-1).

             Mathematicians write this as                                      , and

             they call D the multiplicative inverse of                            .

          • The encryption function is                                  , where T is
             the plaintext (a positive integer).
          • The decryption function is                                    , where C is
             the ciphertext (a positive integer).
      The public key is the pair (PQ, E). The private key is the number D (reveal
      it to no one). The product PQ is the modulus. E is the public exponent. D
      is the secret exponent.
      The public key can be published freely because there are no known easy
      methods of calculating D, P, or Q given only (PQ, E) (the public key). If P
      and Q are each 1024 bits long, the sun will burn out before the most
      powerful computers presently in existence can factor the modulus into P
      and Q.
      Given the popularity of RSA, it is worth keeping the following in
      mind. It is not yet rigorously proven that no easy methods of factoring
      exist. Also, it is not yet rigorously proven that the only way to crack RSA is
      to factor the modulus.
      Thus encryption and authentication take place without any sharing of
      private keys: each person uses only another's public key or his own
      private key. Anyone can send an encrypted message or verify a signed
      message, but only someone in possession of the correct private key can
      decrypt or sign a message.
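
The steps above can be carried through with the same symbols (P, Q, E, D, T, C), using the standard textbook relations C = T^E mod PQ and T = C^D mod PQ. This is an added example, not part of the original report: the primes are deliberately tiny constructed values, no padding is applied, and the function names are illustrative.

```python
import hashlib
from math import gcd


def make_keypair(P, Q, E):
    """Follow the steps above: returns the public key (PQ, E) and secret exponent D."""
    phi = (P - 1) * (Q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("E must be relatively prime to (P-1)(Q-1)")
    D = pow(E, -1, phi)               # multiplicative inverse of E mod (P-1)(Q-1)
    assert (D * E - 1) % phi == 0     # (DE - 1) is evenly divisible by (P-1)(Q-1)
    return (P * Q, E), D


def encrypt(T, public):
    N, E = public
    if not 0 < T < N:
        raise ValueError("plaintext must be a positive integer below the modulus")
    return pow(T, E, N)               # C = T^E mod PQ


def decrypt(C, public, D):
    return pow(C, D, public[0])       # T = C^D mod PQ


def digest_int(message, N):
    """Hash the message and reduce it into the modulus range (toy sizes only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message, public, D):
    """Only the holder of D can produce this value."""
    return pow(digest_int(message, public[0]), D, public[0])


def verify(message, signature, public):
    """Anyone holding (PQ, E) can check it."""
    N, E = public
    return pow(signature, E, N) == digest_int(message, N)


def recover_private_exponent(public):
    """Why modulus size matters: a toy PQ factors by trial division, and the
    factors give D. At 1024-bit primes this search is not feasible."""
    N, E = public
    P = next(p for p in range(3, N, 2) if N % p == 0)
    return pow(E, -1, (P - 1) * (N // P - 1))


if __name__ == "__main__":
    public, D = make_keypair(61, 53, 17)      # constructed toy primes
    C = encrypt(65, public)
    print("public key (PQ, E):", public, " secret exponent D:", D)
    print("T=65 -> C =", C, "-> T =", decrypt(C, public, D))
    sig = sign(b"constructed message", public, D)
    print("signature verifies:", verify(b"constructed message", sig, public))
    print("D recovered from toy public key:", recover_private_exponent(public))
```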

      Digital Signature Algorithm (DSA)
      The U.S. Government's Digital Signature Algorithm, used in the Digital
      Signature Standard (DSS), is another public key encryption algorithm. This
      one sees a lot of use in the creation of digital signatures.

      The DSA requires three parameters to create a key pair - the prime (P),
      the subprime (Q), and the base (G). These three values are used to create
      a private key (called X) and a public key (called Y).

Message Authentication Code (MAC)
     A MAC, created by using a secret key and the message itself, is a way to
     check the integrity of information transmitted over, or stored on, an
     unreliable medium. A keyed-hash message
     authentication code, or HMAC, is a type of message authentication code
     (MAC) calculated using a cryptographic hash function in combination with
     a secret key. You can use a hash function for encryption, authentication,
     and even for a simple digital signature scheme.

      Hash Functions
      A hash function takes a block of data as input and produces a hash or
      message digest as output. The usual intent is that the hash can act as a
      signature for the original data without revealing its contents. Therefore,
      it's important that the hash function be irreversible - not only should it
      be nearly impossible to retrieve the original data, it must also be
      infeasible to construct a data block that matches some given hash value.
      Randomness, however, has no place in a hash function, which should be
      completely deterministic. Given the exact same input twice, the hash
      function should always produce the same output. Even a single bit changed
      in the input, though, should produce a different hash value. The hash value
      should be small enough to be manageable in further manipulations, yet large
      enough to prevent an attacker from randomly finding a block of data that
      produces the same hash. The two best known and most widely accepted
      iterative cryptographic hash functions are MD5 and SHA-1.
              MD5 (Message Digest 5)
              MD5 was designed to be somewhat more conservative than its
              predecessor MD4. It is less concerned with speed and more
              concerned with security. MD5 makes four passes of each 16-byte
              chunk of the message. MD4 had made three. Although still widely
              used, MD5 contains a few flaws discovered in 1996 making it
              slightly weaker, so it has gradually fallen out of favor in deference
              to another message digest function known as SHA-1.

               SHA-1 (Secure Hash Algorithm)
               SHA-1 was proposed by NIST as a message digest function.
               SHA-1 is similar to the MD5 message digest function, but it is a
               little slower to execute and presumably more secure. While MD5
               makes four passes over each block of data, SHA-1 makes five. SHA-1
               takes a message of length at most 2^64 bits and produces a 160-bit
               output. (The MD5 output is 128 bits.) NIST has since published
               three more secure hash standards:
                           SHA-256 with a 256-bit output
                           SHA-384 with a 384-bit output
                           SHA-512 with a 512-bit output
                          
Public Key Infrastructure (PKI)
      Thus far, we have established that a strong (128-bit or stronger) secret
      pair needs to be designated, public-key encryption needs to be put in
      place as the means of safely distributing secret keys to their designated
      locations, and a one-way hash function needs to be established to
      guarantee the integrity of the data being transmitted from sending site to
      receiving site. What remains is a means of assuring that both sites are, in
      fact, the entities that they claim to be.
      If this last step is considered necessary to further secure the encryption-
      decryption process, a second use of the public key, Public Key
      Infrastructure (PKI) comes into play. PKI is a system of digital certificates,
      certification authorities, and, when considered necessary, other
      registration authorities that can vouch for entities and for directory services
     that can store, and when necessary, revoke those digital certificates. A
     PKI consists of:
                   A certification authority that issues and verifies digital
                     certificates
                   A registration authority (optional) that acts as a verifier for
                     the certificate authority before a digital certificate is issued
                   One (or more) directories where the certificates (with their
                     public keys) are held
                   A certificate management system
     The certification authority could either be internal residing on a WSP CA
     root PC, for example, or it can be external, handled by an established
     vendor such as Verisign.


Equipment

     Cisco VPN Hardware
     It was decided prior to the creation of this assessment document that a
     Cisco VPN 3000 Concentrator would be positioned at the head end of the
     WSP ACCESS encryption structure.
               Cisco VPN 3000 Series Concentrator v3.6.7F
               The Cisco VPN 3000 Series offers both IP Security (IPSec) and
               Secure Sockets Layer (SSL)-based VPN connectivity for diverse
               remote-access deployments on a single platform.
               Models 3030 through 3080 are certified FIPS Pub 140-2
               compliant.
               All Cisco VPN 3000 Concentrators provide the following
               features:
                       Motorola PowerPC CPU
                       Synchronous dynamic RAM (SDRAM) for normal
                          operation
                       Non-volatile memory for critical system parameters
                       Flash memory for file management
               Some of the benefits of the Cisco VPN 3000 Series are:
                       • Advanced Endpoint Security—A primary
                         component of Cisco WebVPN v3.6 is the Cisco
                         Secure Desktop, which offers preconnection security
                         posture assessment and a consistent and reliable
                         means of eliminating all traces of sensitive data.
                       • Broad application support for SSL VPN—The
                         Cisco VPN 3000 Series Concentrator platform offers
                         extensive application support through its dynamically
                         downloaded SSL VPN client for WebVPN, enabling
                         network-layer connectivity to virtually any application.
                       • Posture Assessment, Policy Enforcement, and
                         Remediation—IPSec-enabled Network Admission
                         Control (NAC) is an industry initiative that uses the
                         network infrastructure to enforce security policy
                         compliance on all devices seeking to access network
                         computing resources. NAC features can be used in
                         IPSec VPN deployments with the Cisco VPN Client.
                       • Ease of deployment with zero-touch remote
                         endpoint management—Integrated Web-based
                         management on Cisco VPN 3000 Series
                         concentrators provides a simple interface to configure
                         and monitor all remote-access users, providing ease
                         of manageability across both IPSec and SSL VPN
                         environments.
                       • Cisco VPN Client Software is Provided with All of
                         the Cisco VPN 3000 Series Models. The software
                         includes unlimited distribution licensing. Cisco
                         WebVPN is also provided with no additional licensing
                         fees, and enables full network access to virtually any
                         application.
                       • Both Redundant and Non-Redundant
                         Configurations are Available. This allows customers
                         to build the most robust, reliable, and cost-effective
                         networks possible.

Cisco VPN 3002 Hardware Client
The Cisco VPN 3002 Hardware Client was designed to
communicate with a VPN 3000 Series Concentrator to create a
virtual private network across a TCP/IP network (such as the
Internet). The 3002 client:
             Provides an alternative to deploying the VPN
               software client at remote locations.
             Is located at a remote site (like the VPN software
               client).
             Provides a secure connection to a VPN
               concentrator at a central site.
             Requires minimal configuration.
The secure connection between the VPN 3002 and the VPN
Concentrator is called a tunnel. The VPN 3002 uses the IPSec
protocol to negotiate security parameters, create and manage
tunnels, encapsulate packets, transmit or receive them through
the tunnel, and un-encapsulate them. It can support a single IP
network.
The 3002 Hardware Client was preceded by a software
application, Cisco VPN client, designed to run on Windows,
               Linux, Solaris and Mac operating systems. The Cisco VPN
               Client is included with all models of Cisco VPN 3000 Series
               concentrators, Cisco ASA 5500 Series security appliances, and
               most Cisco PIX 500 security appliances.
               The VPN 3002 Hardware Client provides an alternative to
               deploying the VPN Client software to PCs at remote locations.
               Like the software client, the VPN 3002 is located at a remote
               site, and provides a secure connection to a VPN concentrator at
               a central site.

Site-to-site VPN Hardware under Consideration

         Cisco Series 3000 VPN Concentrator (model 3030) – firmware FIPS
         3.6.7.F
         The Cisco VPN 3030 Concentrator is a VPN platform designed for
         medium-sized to large organizations that require from full T1/E1
         through T3/E3 (50 Mbps maximum performance). The Cisco VPN
         3030 Concentrator offers support for up to 1500 simultaneous IP
         Security (IPSec) sessions or 500 simultaneous clientless sessions.
         Specialized Scalable Encryption Processing (SEP) modules perform
         hardware-based acceleration. The Cisco VPN 3030 Concentrator can
         be upgraded to the Cisco VPN 3060 in the field. Both redundant and
         non-redundant configurations are available.
         The Cisco VPN 3030 Concentrator offers:
                     One SEP-E module for hardware-based encryption
                     Single power supply
                     Expansion capabilities:
                           o Up to three additional SEP modules for maximum
                              system throughput and redundancy
                           o Optional redundant power supply
                     Three 10/100BASE-T Ethernet interfaces (auto-sensing)
         The Cisco 3002 VPN Client - firmware FIPS 3.6.7.F
         Available in two modes, client and network extension, the Cisco VPN
         3002 can be configured to either emulate the operation of the Cisco
         VPN client, or to establish a secure site-to-site connection with the
         central site Cisco Easy VPN Server device. Both modes use the Cisco
         Easy VPN push-policy features and scale to large deployments.
              • The Cisco 3002-8e VPN client - firmware FIPS 3.6.7.F
                The Cisco VPN 3002-8e Hardware Client is identical to the 3002
                except that an 8-port switch is included.
         Cisco PIX Firewalls functionally compatible with VPN Series 3000
         Concentrator
         PIX firewalls are functionally compatible with the VPN Series 3000
         Concentrator. Both the firewall and the concentrator, employing IPSec,
         can use public key encryption and hash functions to safely transport
and authenticate a secret key from one device to the other, allowing
the established secret key pair to encrypt and decrypt data from the
one to the other. As indicated by the Cisco diagram below, encryption
is established between the PIX outside IP address and the
Concentrator outside IP address, avoiding IPSec/NAT issues.




   As of this writing, however, their encryption capabilities have not
   been validated for FIPS Pub 140-2.

      • Various Cisco VPN modules – Cisco offers a wide range of
        VPN modules that can be installed in a number of Cisco routers.
        The Cisco 1700, 2600, 3600, and 3700 Series VPN Modules
        provide up to ten times the performance over software-only
        encryption by offloading the encryption processing from the
        router central processing unit (CPU). They are functionally
        compatible with the VPN Series 3000 Concentrator.

      • Devices and modules meeting CJIS Security Policy
        Requirement
        Section 7.8 of the FBI Criminal Justice Information Services
        Division Security Policy requires that all CJIS data transmitted
        through any public network segment or over dial-up or Internet
        connections must use an encryption device or module certified
        by the National Institute of Standards and Technology's
       Computer Systems Laboratory to ensure that it meets the
       standards set forth in FIPS Publication 140-2. It is true that
       technically, encrypted data traveling over the IGN between the
       WSP head end and a regional site would not travel over a public
       network. It can be safely assumed, however, that in the eyes of
       the CJIS, a shared network over which the WSP exerts no
       control would be considered a public network.
      CJIS designates two types of FIPS 140-2 validation for
       encryption products.
            Type 1 refers to a complete product with FIPS 140-1/140-
              2 validation
           Type 2 refers to a non-validated cryptographic product
            with embedded cryptographic module(s) with FIPS 140-
            1/140-2 validation
           While both levels of assurance are acceptable according
            to CJIS security policy, there is an assumption that Type
            1 assurance is somewhat preferable to Type 2.
           NIST-approved testing labs will not consider a Type 2
            product (one where the embedded module is already
            designated as Type 1) for FIPS 140-2 validation.
           As it’s relatively easy to correctly implement an
            embedded cryptographic module, Type 2 products are
            considered low risk.

   VPN Software
    There is a wide range of software applications (VPN clients
    and VPN enabled firewalls) that could be installed on a server
    and configured to share secret keys (and otherwise perform
    encryption and decryption functions) with a Cisco VPN Series
    3000 concentrator.
    There are downsides to deploying a software client on a
    hardware server.
     Unlike a VPN appliance that would serve to offload the
       encryption processing from the CPU onto its own processor,
       VPN software could place strains on its host computer’s
       CPU. Even a server hardened to function as a dedicated
       VPN client would have greater latency and not be as secure
       a solution as a device or module specifically built for that
       purpose.

       As stated above, Section 7.8 of the FBI Criminal Justice
        Information Services Division Security Policy presumably
        requires that all CJIS data, transmitted over a shared
        network over which the WSP exerts no control, use an
        encryption device or module certified by NIST’s
        CSL to ensure that it meets FIPS 140-2. As of this writing, no
        VPN software application meets the standards set forth in
        FIPS Pub 140-2.

   Interoperability
    Multi-vendor environments can present challenges when using
    IPSec to create an encryption structure. IPSec is an evolving
    standard that has been interpreted differently by various
    vendors. Extensive testing may be required at a regional site not
    using Cisco to ensure reliable interoperability.

   Equipment Procurement
                Equipment needed to deploy the encryption structure described
                in this document will be procured by the Washington State
                Patrol in a timely fashion, using its established procedures for
                dealing with recognized vendors.

Hardware Deployment Strategy
     The following discussion pertains to WSP’s role in deploying or assisting
     in the deployment of encryption devices, modules or software at regional
     sites related to the implementation of the Non-WSP ACCESS Encryption
     Project.

      Resources Not Provided by WSP
         Equipment functionality
         Compliance with standards
           Regional sites may already have compliant equipment (that is, they
           may already have implemented FIPS 140-2 compliant VPN solutions)
           which can be used for the project. Would this equipment be able to
           tunnel via the IGN, or is it Internet focused?
           Each regional site may already have the capability of encrypting
           and decrypting data flowing through a tunnel to the WSP head end
           concentrator. It needs to be determined whether the existing
           equipment in its current configuration will be able to continue in its
           present function (such as focusing on the Internet) and at the same
           time participate in tunneling via the IGN. Would some form of
           hardware, software or firmware upgrade be necessary to
           accomplish this?
         WSP participation in upgrading existing regional site
           resources
           In order for WSP to lend assistance to the remote site’s upgrading
           process, it must be determined that the equipment in question has
           FIPS Pub 140-2 validation.
           Each regional site choosing the upgrade assistance option will need
           to provide detailed information on the device to be upgraded. This
           information will be used to determine compliance with FIPS 140-2,
           either at a Level 1 or Level 2 certification, and whether such an
           upgrade is considered to be technically viable.
           In addition to device-specific information (make, model, software
           version, expansion slots available, existing memory, etc.), data on
           CPU utilization and other performance parameters should be
           included. This will help to ensure that upgrading the device will not
           adversely affect performance.
           The WSP ACCESS Encryption Project needs to establish policies
           regarding assistance to regional sites. If a piece of encryption
           equipment at a regional site is functionally able to participate
           with the WSP head end concentrator in the encryption-decryption
           process, but does not meet CJIS/FIPS 140-2 standards, will WSP be
           willing to provide upgrades or otherwise assist in the upgrading
           process?
       It also must be determined who will be responsible for the
       procurement of materials needed for the upgrade.
      WSP upgrade responsibilities.
            Under circumstances where the WSP has agreed to
               participate in the upgrade process, it needs to be determined
               what role it will play in covering the loss of functionality
               caused by failures occurring during the upgrade process.
            In instances where the WSP is supplying upgrade materials,
               it must also be determined who will be responsible for
               labor costs: the WSP, the regional site, or both on a
               shared basis.
            Upgrades to regional equipment might include hardware
               and/or software, for example:
                     Installation of encryption modules
                     Memory upgrades
                     Software or firmware operating system.
      Back-ups of “Running Configuration”
       Prior to installing upgrades, regardless of type, multiple back-ups
       should be performed to ensure that the device can be returned to
       an operational state if problems are encountered.
      Upgrades may require alterations to existing configurations and
       policies. Consequently, it will need to be determined which party
       will assume responsibilities for testing and auditing these.
      Identification of issues which could affect deployment schedules.
      IT staff often have limited time to support the implementation of
       new equipment, processes, and procedures. Current tasks may
       have higher priorities. A key task in planning for such an upgrade
       is the development and implementation of a deployment schedule
       that takes the availability of those participating in the deployment
       into account.

Resources Provided by WSP
    In situations where appropriate equipment does not exist, some of
     the same questions need to be asked. Will the WSP be responsible
     for furnishing the equipment and, if so, will the requirements for
     FIPS Pub 140-2 validation apply? Related issues need to be
     agreed upon in advance by both parties. For example, if a
     WSP-provided piece of client encryption hardware is damaged at the
     regional site, who is responsible for repairing or replacing it?
             Another issue that might need to be dealt with is the impact
              at the regional site of additional equipment being installed at
              the network perimeter (for example, internal auditing systems).



Physical Requirements
      Cisco 3030 Concentrator
      This device is rack mountable and requires two rack units of space
      (w 17.5 x d 14.5 x h 3.5). One option, covered in the Reliability section,
      would be the installation of a second Cisco 3030 for redundancy. Unit
      weight is 28 lbs. The unit generates between 35 and 50 watts of heat
      (119 to 170 BTU/hr). The normal operating temperature will range from
      32° to 131° Fahrenheit.
      The Cisco 3030 concentrator requires one grounded outlet for each
      internal power supply. The Cisco 3030 concentrator may be configured
      with one power supply or two for redundancy (1+1).

      Cisco 3002 Client
      This device is small (1.967h x 8.6d x 6.5w in) and can be wall mounted or
      placed on a shelf. The unit uses convection cooling and requires three
      inches of unobstructed space around the unit. Normal operating
      temperature will range from 32° to 120° Fahrenheit.
      The 3002 uses an external power supply with a four inch cord to the unit
      and requires a single outlet.

      Uninterruptible Power Source (UPS)
      The Cisco 3030 Concentrator and the Cisco 3002 client should be
      connected to either a stand-alone battery backup unit (UPS) or to the
      facility’s UPS.

Physical Security
      Serialized Tamper-Evident Labels
      Using tamper-evident labels on all equipment associated with the
      encryption project provides proof that the equipment has not been
      tampered with. Serial numbers must be maintained in a log. Periodic
      inspection is suggested. Policy should dictate that maintenance on any
      equipment that requires breaking of the tamper-evident labels requires
      that new tamper-evident labels be placed on the equipment and logged.
      Replacing the tamper-evident label should be considered as a
      requirement to close a “trouble-ticket”. (Tamper-evident labels are
      available from Cisco under part number CVPN3000FIPS/KIT.)

      Configuration Files
      The “running configuration” should be backed up before any changes are
      made to the Cisco 3030. Once changes have been made, tested and
    audited, another back-up should be created. This process should be
    documented and included in the WSP procedures guide.

    Key Protection
    The term “key protection” can be applied to both the secret key used in
    symmetric key encryption and the private key used in asymmetric key
    encryption.
    A secret key, used in symmetric key encryption, is an encryption and
    decryption key that is randomly generated to ensure the security of a
    communications session between a user and another computer or
    between two computers. It must be transmitted between the two
    confidants. Either side can design the key and send it to the other, or they
    can agree to each design half and exchange half, but this does not get
    around the fundamental problem. Any eavesdropper who can intercept
    their messages can also acquire the key, thereby breaking the code.
    Consequently, the more secure, but slower asymmetric (or public) key
    encryption is increasingly used for the distribution of secret keys. An
    asymmetric encryption system uses two keys -- a public key known to
    everyone and a private key known only to the key owner and not shared
    with anyone.
    According to FIPS Publication 140-2, cryptographic (or encryption) keys
    “stored within a cryptographic module shall be stored either in plaintext
    form or encrypted form. Plaintext secret and private keys shall not be
    accessible from outside the cryptographic module to unauthorized
    operators. A cryptographic module shall associate a cryptographic key
    (secret, private, or public) stored within the module with the correct entity
    (e.g., person, group, or process) to which the key is assigned.”
    FIPS Pub 140-2 requires that key storage is the responsibility of the
    Crypto Officer, which it defines as “an operator or process (subject), acting
    on behalf of the operator, performing cryptographic initialization or
    management functions.” The Crypto Officer role is “assumed to perform
    cryptographic initialization or management functions”.
    The following list is a summary of the security rules that the Crypto Officer
    (administrator) must configure and enforce on the VPN Concentrators:
o   Only FIPS-approved cryptographic algorithms to be used
o   TFTP administrative access method must not be allowed
o   Only the IPSec protocol may be enabled for protection of traffic; all other
    protocols for protecting data must be disabled.
o   When using HTTPS to protect administrative functions, only the TLS
    protocol may be used for key derivation. The SSL protocol is not compliant
    with the FIPS 140-2 standard.
o   The Crypto Officer must change the default password and choose a
    password that is at least 6 characters long.
o   The Crypto Officer must not perform firmware upgrades in a FIPS mode of
    operation.
o   The Crypto Officer must define RADIUS and TACACS+ shared secret
    keys that are at least six characters long.


   Firewall functionality
   The current plan is to place the Cisco 3030 at the perimeter of the network
   outside the WSP firewall. The trusted (private) interface will pass
   unencrypted data to the WSP firewall. This configuration will leave the
   untrusted (public) interface of the Cisco 3030 exposed. The Cisco 3030
   has limited capabilities to protect the untrusted interface through “firewall
   like” policies. These policies are limited as they only cover three types of
   traffic (TCP, UDP and ICMP) and can only be configured to either allow or
   drop traffic.

   If the firewall functionality built into the Cisco 3030 concentrator does not
   provide sufficient protection, it may be necessary that an additional firewall
   appliance be installed between the network perimeter and the Cisco 3030
   Concentrator.


   Access Controls
   At larger regional sites, access to the Cisco 3002 may not be an issue. At
   smaller regional sites, consideration of where the Cisco 3002 is placed
   may be of concern. Template documentation and other assistance will be
   provided to aid in the physical placement of equipment. This will vary
   depending on the type of deployment being implemented.

   Management and Configuration Interface Restrictions
   To comply with FIPS 140-2, the management and configuration interfaces
   are restricted by design. This may require changes to the normal
   operation of the management consoles used in the data center. For
   example, administrators may be used to using telnet to access devices for
   monitoring and configuring equipment. Telnet is restricted under FIPS
   140-2. Procedures will have to be reviewed and possibly modified to
   accommodate these restrictions. The following interfaces may be used for
   management and configuration of the Cisco 3030 Concentrator:
           HTTPS (using TLS)
           Console port (serial)
           SSH
   The following Interfaces are not allowed under FIPS 140-2 for
   management and configuration of the Cisco 3030 Concentrator:
           FTP
           HTTP
           Telnet
                Telnet over SSH
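The Crypto Officer rules and the interface restrictions listed in this section can be checked mechanically against a configuration record. The following Python example is added here and is not part of the original report or of Cisco's software; the record layout, field names and the approved-algorithm list are assumptions made for illustration, and the real approved list would come from the module's FIPS 140-2 security policy.

```python
"""Audit a configuration record against the FIPS-mode rules listed in this section.

The record layout is hypothetical (constructed for this example); it is not a
Cisco export format. Only the lengths of passwords and shared secrets are
recorded, never the values themselves.
"""

MGMT_ALLOWED = {"https", "console", "ssh"}   # interfaces the section permits
MIN_SECRET_LEN = 6                           # password / shared-secret minimum


def audit_fips_mode(cfg, approved_algorithms):
    """Return a sorted list of (rule, detail) findings; empty means no violation."""
    findings = []
    approved = {a.upper() for a in approved_algorithms}

    # Only FIPS-approved cryptographic algorithms may be used.
    for alg in cfg.get("algorithms", []):
        if alg.upper() not in approved:
            findings.append(("algorithm", f"{alg} is not on the approved list"))

    # Only IPSec may protect traffic; every other protocol must be disabled.
    for proto in cfg.get("tunnel_protocols", []):
        if proto.lower() != "ipsec":
            findings.append(("tunnel-protocol", f"{proto} must be disabled"))

    # Management interfaces are default-deny: anything not explicitly allowed
    # (Telnet, FTP, HTTP, TFTP, or an interface this audit does not know) fails.
    for name, opts in cfg.get("mgmt_interfaces", {}).items():
        key = name.lower()
        if key not in MGMT_ALLOWED:
            findings.append(("mgmt-interface", f"{name} is not permitted"))
        elif key == "https":
            # HTTPS is acceptable only when every offered protocol is TLS.
            for version in opts.get("protocols", []):
                if not version.upper().startswith("TLS"):
                    findings.append(("https-protocol", f"{version} offered; TLS only"))

    # The default password must be changed and be at least six characters.
    # Missing fields are treated as failures rather than assumed compliant.
    if cfg.get("admin_password_is_default", True):
        findings.append(("password", "default Crypto Officer password in use"))
    if cfg.get("admin_password_len", 0) < MIN_SECRET_LEN:
        findings.append(("password", "Crypto Officer password shorter than 6"))

    # RADIUS and TACACS+ shared secrets must be at least six characters.
    for server, length in cfg.get("shared_secret_len", {}).items():
        if length < MIN_SECRET_LEN:
            findings.append(("shared-secret", f"{server} secret shorter than 6"))

    # Firmware upgrades must not be performed in a FIPS mode of operation.
    if cfg.get("fips_mode") and cfg.get("firmware_upgrade_pending"):
        findings.append(("firmware", "upgrade scheduled while in FIPS mode"))

    return sorted(findings)


# Assumed approved list for this example only.
APPROVED = {"3DES", "AES", "SHA-1"}

# Constructed sample records: one with weak settings, one corrected.
WEAK = {
    "fips_mode": True,
    "firmware_upgrade_pending": True,
    "algorithms": ["3DES", "SHA-1", "MD5"],
    "tunnel_protocols": ["IPSec", "PPTP"],
    "mgmt_interfaces": {
        "https": {"protocols": ["TLSv1", "SSLv3"]},
        "ssh": {},
        "telnet": {},
        "tftp": {},
    },
    "admin_password_is_default": False,
    "admin_password_len": 5,
    "shared_secret_len": {"radius": 12, "tacacs+": 4},
}
FIXED = {
    "fips_mode": True,
    "firmware_upgrade_pending": False,
    "algorithms": ["3DES", "SHA-1"],
    "tunnel_protocols": ["IPSec"],
    "mgmt_interfaces": {"https": {"protocols": ["TLSv1"]}, "ssh": {}, "console": {}},
    "admin_password_is_default": False,
    "admin_password_len": 14,
    "shared_secret_len": {"radius": 12, "tacacs+": 16},
}

if __name__ == "__main__":
    for rule, detail in audit_fips_mode(WEAK, APPROVED):
        print(f"{rule:16} {detail}")
    print("corrected record findings:", audit_fips_mode(FIXED, APPROVED))
```

A record with missing password fields is reported as non-compliant, so an incomplete inventory cannot pass the audit by omission.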

Reliability
      Redundant Encryption Modules for the Cisco 3030.
      The Cisco 3030 supports two SEP-E modules which can operate in a
      failover mode. Note: This effectively makes the 3030 into a 3060.
      Redundant power supply.
      The Cisco 3000 series concentrator has provisions for redundant power
      supplies. The redundant power supplies are configured in a 1 + 1
      redundancy. In the event that one power supply fails, the second power
      supply takes over. The power supplies are not hot swappable.
      Consequently, downtime will be required when replacing a failed unit.
      When one power supply fails, alerts are sent according to the alert
      configuration.
      Power Source
      As noted above, all units should be connected to either a stand alone
      battery back-up UPS unit or the facility UPS system.
      Dynamic failover
      Unlike the Cisco router, which uses Hot Swappable Dynamic Protocol
      (HSRP) to facilitate dynamic failover, the Series 3000 Concentrator uses
      the Virtual Router Redundancy Protocol (VRRP), another proprietary
      protocol, for the same purpose, to eliminate the single point of failure
      inherent in the static default routed environment.
      VRRP specifies an election protocol that dynamically assigns
      responsibility for a virtual router (a VPN 3000 Series Concentrator cluster)
      to one of the VPN Concentrators on a LAN. The VRRP VPN Concentrator
      that controls the IP address(es) associated with a virtual router is called
      the Master, and forwards packets sent to those IP addresses. When the
      Master becomes unavailable, a backup VPN Concentrator takes the place
      of the Master.
      To accomplish this, two hubs are required, one used to connect the
      untrusted interfaces and the other to connect the trusted interfaces.
      Addressing Single Points of Failure.
      Deploying the Cisco 3030 in a redundant configuration may not improve
      reliability if other single points of failure exist in the current network
      topology at the WSP Data Center. Single points of failure could include a
      single router to the IGN, hubs or switches between the router and the
      logical location of the Cisco 3030 in the perimeter network. Below are
      some additional single points of failure that will need to be evaluated.
            At those regional sites where WSP has supplied the 3002 client,
               the hardware client and the external power supply both constitute
               single points of failure. Regional sites may have additional single
               points of failure.
             At those regional sites where the Cisco 3002 client is installed
              (either at the perimeter or inside the perimeter), other equipment
              could also have an impact on the points of failure.
           When installing the concentrator at the head-end, the single points
              of failure in this topology will need to be determined.
      Availability of Operational Spares
           Equipment available “off the shelf” allows for fewer spares to be on
              hand for operational units.
           The lead time involved in the WSP procurement process may
              suggest the need for higher sparing levels.
           The need for spares may be reduced by means of support
              contracts. The cost and extent of such contracts will need to be
              established.
      Minimum Recommended Operational Spares
      In the event of equipment failures, the Mean-Time-To-Repair (MTTR) can
      be reduced with proper sparing levels. Spares should be considered for
      the following:
               3002 client units
               External power supplies for the 3002
               Encryption modules for the 3030
               Power supplies for the 3030.
               Memory modules for the 3030
      Failure Procedures.
      In the event of a device failure at a regional site:
           Escalation procedures must be defined and in place
           Procedures must be in place for the prompt delivery of replacement
              units
           Responsibility for the ongoing support of equipment must be
              determined. Will it be up to the regional site, the WSP, or shared
              between them?
           The certification process for the encryption modules may require
              the module be disposed of according to specific procedures and a
              replacement module acquired.

Scalability
             The basic model 3030 Concentrator can support 500 concurrent
              connections
             The 3030 Concentrator can be upgraded in the field to a 3060
              which can support 1000 concurrent connections.
             The Internal database of model 3030 supports up to 500 entries
              (users and groups), the 3060 supports up to 1000 entries. Using an
              external authentication database server, such as RADIUS and
              TACACS+, improves scalability and manageability.
             Bandwidth considerations
              Overhead from the encryption process may add as much as 300%
              to the overall bandwidth requirements when packet size is less than
              40 bytes. Detailed bandwidth metrics will be produced from test
              results.
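The effect of fixed per-packet overhead on small packets can be worked through with a size model for ESP in tunnel mode. This Python example is added here and is not part of the original report; it assumes IPv4, a CBC-mode cipher (3DES or AES) and a 96-bit HMAC integrity value, and it counts only per-packet framing, not IKE negotiation or keepalive traffic, so measured figures from testing may differ.

```python
"""Packet-size model for IPSec ESP in tunnel mode over IPv4."""

OUTER_IPV4_HEADER = 20   # new IP header added by tunnel mode (no IP options)
ESP_HEADER = 8           # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER_FIXED = 2    # pad-length byte + next-header byte
ICV_LEN = 12             # assumed integrity value: HMAC-SHA1-96 or HMAC-MD5-96

# Assumed ciphers: name -> (block size, IV size), both in bytes.
CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}


def esp_tunnel_size(inner_len, cipher="3des-cbc"):
    """Return the on-the-wire length of an inner IP packet of inner_len bytes."""
    if inner_len < 20:
        raise ValueError("inner packet must contain at least a 20-byte IPv4 header")
    block, iv = CIPHERS[cipher]
    # The inner packet plus the two fixed trailer bytes is padded up to a
    # whole number of cipher blocks before encryption.
    padded = -(-(inner_len + ESP_TRAILER_FIXED) // block) * block
    return OUTER_IPV4_HEADER + ESP_HEADER + iv + padded + ICV_LEN


def overhead_percent(inner_len, cipher="3des-cbc"):
    """Bytes added by ESP framing, as a percentage of the inner packet size."""
    total = esp_tunnel_size(inner_len, cipher)
    return round(100.0 * (total - inner_len) / inner_len, 1)


def aggregate_overhead(mix, cipher="3des-cbc"):
    """mix is a list of (inner_len, packets_per_second) pairs.

    Returns (clear_bits_per_second, esp_bits_per_second, overhead_percent)
    so the head-end link can be sized for the whole traffic profile.
    """
    clear = 8 * sum(n * pps for n, pps in mix)
    esp = 8 * sum(esp_tunnel_size(n, cipher) * pps for n, pps in mix)
    return clear, esp, round(100.0 * (esp - clear) / clear, 1)


# Constructed traffic profile: many bare acknowledgements, a few larger packets.
SAMPLE_MIX = [(40, 100), (576, 20), (1500, 5)]

if __name__ == "__main__":
    for cipher in CIPHERS:
        for n in (28, 40, 576, 1500):
            print(f"{cipher:9} inner={n:5d} wire={esp_tunnel_size(n, cipher):5d} "
                  f"overhead={overhead_percent(n, cipher):6.1f}%")
    print("profile:", aggregate_overhead(SAMPLE_MIX))
```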

Risk Analysis
   In the context of the WSP ACCESS encryption project, risk analysis means reviewing
   the proposed encryption-decryption structure for the purpose of identifying
   threats, prioritizing threats, and recommending safeguards. This will be
   accomplished in the form of a separate risk management document, which
   will then be used as the basis for the risk analysis section of the design
   document.

   There are two major categories of risk analysis, both of which will be
   employed in our risk assessment. They are qualitative risk analysis and
   quantitative risk analysis.
           Quantitative risk analysis attempts to assign independently
              objective number values to the components of the risk analysis and
              to the level of potential losses. When all elements (asset, value,
              threat frequency, safeguard effectiveness, safeguard costs,
              uncertainty and probability) are quantified, the process is
              considered to be fully quantitative.
           Qualitative risk analysis does not attempt to assign numeric values
              to the risk analysis components. It relies on scenarios or on asking
              “what if” types of questions. It is subjective in nature.
    The primary focus of the WSP ACCESS encryption project is directed
      toward establishing a secure means of disseminating sensitive data. The
      risks involved in this goal cannot be easily quantified. For this reason,
      while we will employ both quantitative and qualitative risk analysis, the
      emphasis will be placed on qualitative risk analysis.
    The risk analysis process consists of five steps:
           Identify the asset to be reviewed.
           Ascertain the threats, risks, concerns, or issues to that asset.
           Prioritize the risk or determine the vulnerability of the asset to
              the threat.
           Implement corrective measures, controls, safeguards, or accept the
              risk.
           Monitor the controls and assess their effectiveness.
      In this instance, the primary asset of the proposed encryption structure,
       that which is to be protected, can be identified as sensitive data and the
       hardware, software, and firmware necessary to ensure its safe movement.
      The threats to the movement of sensitive data, whether malicious or
       unintentional, can affect:
           The integrity of sensitive data – tampering with the data while en
             route
             o One form of tampering is altering a crucial factor such as the
                  time sent or received, which would allow the sending or
                  receiving entity to repudiate its role in the communication.
           The confidentiality of sensitive data – secrets or sensitive material
             falling into the hands of an unauthorized third party while en route.
           The availability of sensitive data – a third party mounting a denial of
             service attack or otherwise making it impossible for one site to
             receive sensitive material directly dispatched to it from another site.
      A threat agent is the catalyst that performs the threat. The agent can be
       human, machine or nature.
      Vulnerabilities are weaknesses that create conditions which could
       allow the threat to affect the organization by triggering a loss.
       In this instance, a vulnerability might be a defect in the firmware of an
       encryption device. Compliance with FIPS Pub 140-2 and CJIS Security
       Policy v2.4 could affect how the impact of a known vulnerability is
       addressed.
      Loss categories include direct loss, disclosure losses, loss of data
       integrity, losses due to data modification, and losses due to delays and
       denials of service.
      Safeguards are security controls, which, when put in place, can eliminate,
       reduce or mitigate the impact of a threat occurrence. Some examples of
       safeguards are controlling who has the ability to alter the configuration of a
       device, strong physical security, proactive monitoring, applying relevant
       security patches when available, and keeping up to date on new threats or
       vulnerabilities that may have a direct impact on the system.


Testing
      Testing Process
             Phase 1 testing of the Cisco 3030 concentrator and the Cisco
               3002 client will consist of two PC workstations running either
               Windows 2000 Pro or Windows XP Pro, an Ethernet hub, and
               network cables. (See Figure 4)
                 Phase 2 testing will require the WSP IT group to provide a loop
                  back between the IGN and the WSP perimeter, which will allow
                  testing of the Cisco 3002 client and the Cisco 3030 concentrator
                  in a “real world” deployment scenario. (See Figure 5)
                 Configuring the device to meet FIPS Pub 140-2 standards
                  Using Cisco’s Security Configuration Guide as a template,
                  an implementation guide will be developed expanding the
    configuration process to include rules and policies to protect the
    untrusted and trusted interfaces from unauthorized traffic. This
    process is also known as device “hardening” and will be used as
    part of the “baseline”.
   Determining which features of the Cisco 3030 should be
    implemented
    The Cisco 3030 concentrator has many features which may be
    of value in the encryption project. During testing, a review of the
    features will determine which ones may provide value. Features
    such as bandwidth management policies and logging functions
    will be reviewed.
   Bandwidth calculations
    Using network monitoring tools in a test environment, determine
    the idle traffic overhead, transmission of small data packets
    (<40 bytes) and medium size data packets (>40 bytes).
   Configuring firewall rules
    Determine what firewall rules are available to be used in the
    protection of the public and private interfaces on the 3030. The
    firewall rules only apply to TCP, UDP and ICMP and are limited to
    either allowing or dropping packets.
   Determining test environment availability
    This includes a scheduled visit to the data center to evaluate the
    designated test area.
   Developing installation/setup procedure templates
    These templates will constitute a detailed set of procedures
    starting at factory defaults and concluding with a final
    configuration adhering to FIPS Pub 140-2 standards. One goal
    of the testing is the development of a compliant configuration for
    the Cisco 3030 concentrator.
   Documenting the Cisco 3002 client configuration
    This will constitute a set of procedures starting at factory
    defaults and concluding with a final configuration adhering to
    FIPS Pub 140-2 standards. A second goal of the testing will be
    the development of a compliant configuration for the Cisco 3002
    client.
       Developing fault isolation (troubleshooting) procedures
       To assist in identifying operational problems, resources such
    as documented procedures, network maps, and diagnostic tools
    will be recommended in the design document. Some of these
    may already be in use by WSP or regional sites. Logging
    information and status indicators may assist in further defining
    the problem. These may be obtained through the use of Cisco
    3030 management and configuration interfaces.
      Re-keying
       During testing, the re-keying options will be examined to
    determine the frequency of the process. Metrics to evaluate will
    include re-keying based on data and on time interval, and the
    overhead cost of each.
        Determining the Cisco baseline
        Once a FIPS 140-2 compliant configuration is completed and
    validated, a baseline will be created to identify the security
    “footprint” of the unit. Determining the baseline will involve
    using various software tools to scan the configured equipment. This
    information may then be used by IDS, IPS and other network
    management and monitoring tools. Additionally, specific MIB data
    and message formats for SNMP traps will be provided.
    These will be included in the final design document.
        Building a software toolbox
        The software toolbox will include various software tools and
    utilities. Some of these tools may be useful for the ongoing
    management of the encryption environment. The toolbox may
    include commercial and public domain software as well as
    utilities currently owned by the WSP.
        Special equipment
        At the time this assessment report was completed, no
    requirements for special test equipment had been identified. It
    is possible that this may change when the testing process
    starts.
Figure 4




Figure 5
The Crypto Officer Role
      The Crypto Officer is responsible for the configuration and maintenance of
      the concentrator. During initial configuration of the concentrator, the
      Crypto Officer password (the "enable" password) is defined. A Crypto
      Officer assigns permission to access the Crypto Officer role to additional
      accounts, thereby creating additional Crypto Officers.
      The role of the Crypto Officer includes the following tasks:
              Configuring the concentrator:
                 Defines network interfaces and settings
                 Creates command aliases
                 Sets the protocols the router will support
                 Enables interfaces and network services
                 Sets system date and time
                 Loads authentication information
              Defining rules and filters:
                 The Crypto officer creates packet filters that are applied to
                    user data streams on each interface.
                 Each filter consists of a set of rules to permit or deny based
                    on characteristics such as protocol ID, addresses, ports,
                    TCP connection establishment, or packet direction.
              Monitoring Status:
                 Views the concentrator configuration, routing tables, and
                    active sessions
                 Views SNMP MIB II statistics, health, temperature, memory
                    status, voltage, and packet statistics
                 Views and reviews accounting logs
                 Views physical interface status
              Managing the concentrator:
                 Logs off users
                 Shuts down or reloads the concentrator
                 Manually backs up concentrator configurations
                 Views complete configurations
                 Manages user rights
                 Restores concentrator configurations
              Setting encryption bypass:
                 Sets up the configuration tables for IP tunneling
                 Sets keys and algorithms to be used for each IP range or
                    allows plaintext packets to be set from specified IP address
Network Management and Auditing
           The Cisco 3030 Concentrator includes “no-touch” management,
             monitoring and alerting.
           The Cisco 3030 Concentrator internal event log holds 2048 entries
             and then overwrites the oldest event.
             Many traditional management interfaces do not comply with FIPS
              Pub 140-2 standards and should be avoided. See the Physical
              Security section for more details.
             Event logs can be off-loaded using the following:
                   Flash Memory
                   SYSLOG format (standard and Cisco enhanced)
                   SNMP traps
                   Email notifications
             Logs produced by the Cisco 3030 Concentrator should be
              incorporated into the current WSP logging mechanism. Retention
              policies should conform to WSP retention policies and may also
              need to conform to the requirements of FBI standards.
             Clock synchronization

Operational Modes
  Data Initiated
     The data-initiated mode initiates a tunnel from the client to the
     concentrator as required. The tunnel is dropped after the idle timeout is
     reached. This mode would reduce the bandwidth requirements especially
     at the head end. There is increased latency due to tunnel negotiation time.
     Due to the asynchronous design of the ACCESS system, this option may
     cause data loss if the tunnel drops before all responses are returned by
     ACCESS.
  Continuous Tunnel
     The tunnel from the regional site operates 100% of the time, regardless of
     whether data is being transmitted or received. This mode is more suited to
     the asynchronous design of the ACCESS system. This mode increases
     the overall bandwidth requirement. VPN latency (negotiation time) is
     reduced to no more than the latency of the IGN.
  Policy and Filters
     Policies and filters are based on rules determining how data packets are
     handled from and to the concentrator. They may be applied globally to an
     interface or to a specific group. Placing the Cisco 3030 inside the
     perimeter (between the IGN and the WSP firewall) would expose the
     untrusted interface to a potentially wide range of attacks. The Cisco 3030
     provides "firewall-like" functionality through the use of policies and filters. A
     maximum of 100 filters can be configured. Processing of policies and
     filters increases the load placed on the Cisco 3030 processor. Key
     considerations are:
           The Cisco 3030 is not a firewall. Filters only apply to TCP, UDP,
              and ICMP types of traffic, and are limited to either allowing or
              dropping traffic.
           The goal would be using the functionality of the policies and filters
              to secure the Cisco 3030's public and private interfaces.
              Monitoring the untrusted and trusted interfaces during Phase 2
               testing will assist in determining whether a true firewall appliance
               should be added to the design.

Network Performance Factors
     Adding encryption will have an impact on several networking areas.
     Encryption adds overhead, especially when sending and receiving small
     data packets (<40 bytes). This increase in traffic may require that
     additional bandwidth be provisioned in some cases, both at head end and
     regional sites. Additional capacity may also require adding either an
     additional router or installing an additional WAN interface into existing
     equipment. Some locations may not have the ability to add capacity. In
     that case, it may be necessary to implement bandwidth management at
     the regional site to prioritize traffic. Not all devices (routers, firewalls etc.)
     have this capability. Some WAN devices may need to be upgraded.

       Other issues to be considered during the evaluation include:
               IP packet fragmentation (each fragment will add a minimum of
                 20 bytes to the data packet size)
               Message fragmentation
               Packet size (the minimum, typical, and large message size)
               Keep Alives (used for Dead Peer Detection [DPD])
               Re-keying interval based on byte count or time or both.
               Maximum Transmission Unit (MTU)
               Network latency and jitter
               Padding requirements
               Requirements for serialization
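
     The per-packet overhead, padding, MTU and fragmentation factors listed above can be estimated before testing. The following is an added example, not part of the original report; it assumes IPv4 ESP in tunnel mode without NAT-T, a 1500-byte MTU, and two cipher suites (3DES-CBC or AES-CBC with HMAC-SHA-1-96) chosen for illustration. The sample message sizes are constructed.

```python
from dataclasses import dataclass

OUTER_IP_HEADER = 20  # IPv4 header without options; repeated on every fragment
ESP_HEADER = 8        # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2       # pad-length byte + next-header byte, inside the encrypted part


@dataclass(frozen=True)
class EspProfile:
    name: str
    block: int  # cipher block size in bytes; plaintext is padded to a multiple of it
    iv: int     # initialization vector carried ahead of the ciphertext
    icv: int    # truncated integrity check value appended to the packet


# Assumed cipher suites for illustration; not a recommendation from the report.
TRIPLE_DES_SHA1 = EspProfile("3DES-CBC/HMAC-SHA-1-96", block=8, iv=8, icv=12)
AES_SHA1 = EspProfile("AES-CBC/HMAC-SHA-1-96", block=16, iv=16, icv=12)


def esp_tunnel_size(inner_len, p):
    """Outer IPv4 packet size for an inner IP packet of inner_len bytes."""
    to_encrypt = inner_len + ESP_TRAILER
    padded = (to_encrypt + p.block - 1) // p.block * p.block
    return OUTER_IP_HEADER + ESP_HEADER + p.iv + padded + p.icv


def wire_bytes(packet_len, mtu=1500):
    """Return (fragment count, total bytes sent) after IPv4 fragmentation."""
    if packet_len <= mtu:
        return 1, packet_len
    payload = packet_len - OUTER_IP_HEADER
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    per_fragment = (mtu - OUTER_IP_HEADER) // 8 * 8
    fragments = (payload + per_fragment - 1) // per_fragment
    return fragments, payload + fragments * OUTER_IP_HEADER


def max_inner_without_fragmentation(p, mtu=1500):
    """Largest inner packet whose ESP encapsulation still fits in one MTU."""
    room = mtu - OUTER_IP_HEADER - ESP_HEADER - p.iv - p.icv
    return room // p.block * p.block - ESP_TRAILER


def overhead_table(inner_sizes, profiles, mtu=1500):
    """One row per (size, profile): encapsulated size, fragments, overhead %."""
    rows = []
    for size in inner_sizes:
        for p in profiles:
            outer = esp_tunnel_size(size, p)
            fragments, sent = wire_bytes(outer, mtu)
            rows.append({
                "inner": size,
                "profile": p.name,
                "outer": outer,
                "fragments": fragments,
                "sent": sent,
                "overhead_pct": round(100.0 * (sent - size) / size, 1),
            })
    return rows


if __name__ == "__main__":
    # Constructed sizes: a 40-byte packet, a mid-size message, a full-MTU packet.
    for row in overhead_table([40, 200, 1500], [TRIPLE_DES_SHA1, AES_SHA1]):
        print("{inner:>5} B  {profile:<24} -> {outer:>5} B, "
              "{fragments} fragment(s), {sent} B sent, +{overhead_pct}%".format(**row))
    for p in (TRIPLE_DES_SHA1, AES_SHA1):
        print(p.name, "largest unfragmented inner packet:",
              max_inner_without_fragmentation(p), "bytes")
```

     Under these assumptions a 40-byte packet more than doubles in size on the wire, and a full-size 1500-byte packet is split into two fragments.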

Operational Impact During Deployment
     One possible way to reduce potential downtime would be to assign each
     regional site two IP addresses. One would be used to maintain the current
     plaintext message routing. The second IP address would be used with the
     encryption model. Figure 6 represents this deployment scenario.

Figure 6
Impact On Existing Network
     In many networks, monitoring systems such as IDS, IPS, Cisco Works, HP
     Open View, Tivoli Intelligent Orchestrator, and CA Unicenter have been
     installed to monitor and manage all active network components. These
     systems may use SNMP traps, MIBs for configuration, syslog, and others.
          WSP head end monitoring systems will require updates to device
             tables
          Regional sites may have systems in place which will need to be
             updated.
          Management of the Cisco 3030 concentrator has restrictions on
             which management and monitoring interfaces are allowed when
             operating according to FIPS 140-2 standards (see Physical
             Security section above)

Resources
     Deploying either the Cisco 3002 Client or upgrading existing regional site
     equipment will require the involvement of a wide range of IT pros. The
     following is a potential list of resources that may be impacted during
     deployment both at the WSP head end and at the regional sites. In some
     cases, one or more of these roles may be the same person. Depending on
     the deployment scenario selected, other resources may be required.
             LAN Engineer provides support for physical/logical placement of
                new equipment (Cisco 3002 or similar device) within the
                network structure.
                WAN Engineer coordinates egress route to the IGN, and
                 confers with the router and firewall engineers to provide IP
                 address assignment, firewall policies and router configuration.
                Router Engineer provides support for installation of upgrades
                 and for re-provisioning.
                Firewall Engineer provides support for upgrades and policy
                 changes
                Help Desk personnel will be made aware of changes to regional
                 site/head end connectivity and how they may affect escalation
                 procedures.
                Operations personnel must be made aware of changes to the
                 ACCESS system, which will add new alerts which must be
                 monitored.
                Application support engineers may be required to make
                 changes to the ACCESS system for testing purposes.
                ISO (Information Security Officer) provides support for policy
                 and procedures implementation and changes.
                Outsourced vendors at regional sites with no dedicated IT staff
                 may be required to fulfill many of the roles described above.

Document Delivery
     Washington State Patrol will need to provide guidance on document
     formatting standards, including fonts, logos, headers, footers, etc. to R
     Systems consultants,
Appendix A - Glossary
     Appliance
      A network security appliance combines firewall security, VPN, and traffic
      management functions. It is a centralized management platform that
      minimizes the administrative effort of security devices and eliminates
      potential inconsistencies associated with software firewall and VPN policy
      definition and deployment.
     Bandwidth
      Difference between the highest and lowest frequencies available for
      network signals. The term is also used to describe the rated throughput
      capacity of a given network medium or protocol.
     Block Cipher
      A method of encrypting text (to produce ciphertext) in which a
      cryptographic key and algorithm are applied to a block of data (for
      example, 64 contiguous bits) at once as a group rather than to one bit at a
      time. The main alternative method, used much less frequently, is called
      the stream cipher.
     Cipher
            a. A cryptographic system in which units of plaintext of regular
            length, usually letters, are arbitrarily transposed or substituted
            according to a predetermined code.
            b. The key to such a system.
            c. A message written or transmitted in such a system.
     Ciphertext
      Encrypted text. Plaintext is what you have before encryption, and
      ciphertext is the encrypted result. The term cipher is sometimes used as a
      synonym for ciphertext, but it more properly means the method of
      encryption rather than the result.
     Cryptographic Boundary
      An explicitly defined contiguous perimeter that establishes the physical
      bounds around the set of hardware, software and firmware that is used to
      implement the cryptographic processes
     Cryptography
      The basis for many types of secure transmission over the Internet,
      cryptography is a constantly changing and evolving field of mathematics
      that on the Internet refers to the practice of encrypting data for safe
      transmission. Regular data is coded into a cipher (which looks like
      scrambled text), then transmitted and deciphered by the receiving party.
     Decryption
      The reverse process to encryption. Frequently, the same cipher is used for
      both encryption and decryption. While encryption creates a ciphertext from
      a plaintext, decryption creates a plaintext from a ciphertext.
   Digital Signatures
    A digital code that can be attached to an electronically transmitted
    message that uniquely identifies the sender. Like a written signature, the
    purpose of a digital signature is to guarantee that the individual sending
    the message really is who he or she claims to be. A Digital Signature can
    be used to identify any entity, for example an organization, not just a
    person.
   Encryption
    The translation of data into a secret code. Encryption is the most effective
    way to achieve data security. To read an encrypted file, you must have
    access to a secret key or password that enables you to decrypt it.
   Firewall
    A system designed to prevent unauthorized access to or from a private
    network. Firewalls can be implemented in both hardware and software, or
    a combination of both. Firewalls are frequently used to prevent
    unauthorized Internet users from accessing private networks connected to
    the Internet, especially intranets. All messages entering or leaving the
    intranet pass through the firewall, which examines each message and
    blocks those that do not meet the specified security criteria.
   Firmware
    Software (programs or data) that has been written onto read-only memory
    (ROM). Firmware is a combination of software and hardware. ROMs,
    PROMs and EPROMs that have data or programs recorded on them are
    firmware.
   Hash Function
    A mathematical function that maps values from a large (or very large)
    domain into a smaller range, and that reduces a potentially long message
    into a "message digest" or "hash value" that is sufficiently compact to
    be input into a digital signature algorithm. Note: A "good" hash function
    is one where the results of applying the function to a (large) set of
    values are evenly (and randomly) distributed over the range.
   Hash Message Authentication Code (HMAC)
    A type of message authentication code (MAC) calculated using a
    cryptographic hash function in combination with a secret key. As with any
    MAC, it may be used to simultaneously verify both the data integrity and
    the authenticity of a message. Any iterative cryptographic hash function,
    such as MD5 or SHA-1, may be used in the calculation of an HMAC; the
    resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA-1
    accordingly. The cryptographic strength of the HMAC depends upon the
    cryptographic strength of the underlying hash function and on the size and
    quality of the key.
   Internet Control Message Protocol (ICMP)
    An extension to the Internet Protocol (IP) defined by RFC 792.
    ICMP supports packets containing error, control, and informational
    messages. The PING command, for example, uses ICMP to test an
    Internet connection.
   Intrusion Detection System (IDS)
    Inspects all inbound and outbound network activity and identifies
    suspicious patterns that may indicate a network or system attack from
    someone attempting to break into or compromise a system.
   Intrusion Prevention System (IPS)
    Used in computer security. It provides policies and rules for network traffic
    along with an intrusion detection system for alerting system or network
    administrators to suspicious traffic, but allows the administrator to provide
    the action upon being alerted. Some compare an IPS to a combination of
    IDS and an application layer firewall for protection.
   Keep Alive
    An IKE Keep Alive is a tool for monitoring the continued presence of a
    peer and reporting the VPN client's continued presence to the peer. The
    VPN client notifies you when the peer is no longer present.
   Key Encrypting Key
    In public-key cryptography, two key encrypting keys used together to
    encrypt other keys.
   Key Space
    In cryptography, an algorithm's key space refers to all possible keys that
    can be used to initialize it. Put in its most simplistic terms, the possibilities
    in the series A,B,C...Z represent a much smaller key space than
    AAA,AAB,AAC...ZZZ. A well-designed cryptographic algorithm should be
    highly computationally expensive when trying to brute force through all
    possible key values.
   Message Authentication Code (MAC)
    A short piece of information used to authenticate a message. A MAC
    algorithm (sometimes termed a keyed hash function) accepts as input a
    secret key as well as the message, and produces a MAC (sometimes
    known as a tag). The MAC protects both a message's integrity—by
    ensuring that a different MAC will be produced if the message has
    changed—as well as its authenticity—because only someone who knows
    the secret key could have generated a valid MAC.
   Management Information Base (MIB)
    A formal description of a set of network objects that can be managed
    using the Simple Network Management Protocol (SNMP). The format of
    the MIB is defined as part of the SNMP. (All other MIBs are extensions of
    this basic management information base.)
   Network Address Translation (NAT)
    The translation of an Internet Protocol address (IP address) used within
    one network to a different IP address known within another network. One
    network is designated the inside network and the other is the outside.
    Typically, a company maps its local inside network addresses to one or
    more global outside IP addresses and unmaps the global IP addresses on
    incoming packets back into local IP addresses. This helps ensure security
    since each outgoing or incoming request must go through a translation
    process that also offers the opportunity to qualify or authenticate the
    request or match it to a previous request.
   NAT-Traversal (NAT-T)
    Passing through network address translation (NAT) to reach a user. NAT
    hides private IP addresses from the public Internet; however, Voice Over
    IP (VoIP) and videoconferencing calls that originate from outside the
    network must locate the user's IP address.
   OSI Reference Model
    An ISO standard for worldwide communications that defines a networking
    framework for implementing protocols in seven layers. Control is passed
    from one layer to the next, starting at the application layer in one station,
    proceeding to the bottom layer, over the channel to the next station, and
    back up the hierarchy.
   Port Address Translation (PAT)
    During PAT, each computer on the LAN is translated to the same IP address,
    but with a different port number assignment. PAT is also referred to as
    overloading, port mapping, port-level multiplexed NAT, or single address
    NAT.
   Perimeter
    The boundary between the private and locally managed-and-owned side
    of a network and the public and usually provider-managed side of a
    network
   Public Key Infrastructure (PKI)
    Enables users of a basically unsecure public network such as the Internet
    to securely and privately exchange data and money through the use of a
    public and a private cryptographic key pair that is obtained and shared
    through a trusted authority. The public key infrastructure provides for a
    digital certificate that can identify an individual or an organization and
    directory services that can store and, when necessary, revoke the
    certificates.
   Plaintext
    Refers to any message that is not encrypted. Contrast with ciphertext.
   Private Key
    A key used in asymmetric encryption. It is mathematically equivalent to a
    Public Key, but is kept private. This is one half of a matching key-pair. (Not
    to be confused with a "secret key" used in symmetric encryption).
   Pseudorandom numbers
    Deterministically generated rational random numbers having certain
    numerical properties that are relevant for the actual application where they
    are used in the place of realizations of random variables.
   Public Key
    A public key is a value provided by some designated authority as an
    encryption key that, combined with a private key derived from the public
    key, can be used to effectively encrypt messages and digital signatures.
   Public Key Certificate
    A digitally signed document that serves to validate the sender's
    authorization and name. The document consists of a specially formatted
    block of data that contains the name of the certificate holder (which may
    be either a user or a system name) and the holder's public key as well as
    the digital signature of a certification authority for authentication. The
    certification authority attests that the sender's name is the one associated
    with the public key in the document.
   Public-key or Asymmetric Encryption
    A cryptographic system that uses two keys -- a public key known to
    everyone and a private key known only to the recipient of the message. When
    John wants to send a secure message to Jane, he uses Jane's public key
    to encrypt the message. Jane then uses her private key to decrypt it.
   Secret Key
    An encryption key that is kept concealed. Its discovery voids the security
    of the encryption session. A secret key generally refers to the key in a
    secret key cryptography system in which both sides use the same key.
   Secret-key or Symmetric Encryption
    A type of encryption where the same key is used to encrypt and decrypt
    the message. This differs from asymmetric (or public-key) encryption,
    which uses one key to encrypt a message and another to decrypt the
    message.
   Simple Network Management Protocol (SNMP)
    A set of protocols for managing complex networks. SNMP works by
    sending messages to different parts of a network. SNMP-compliant
    devices, called agents, store data about themselves in Management
    Information Bases (MIBs) and return this data to the SNMP requesters.
   Split Knowledge
    In secure communications, a condition under which two or more entities
    separately have key components that, individually, convey no knowledge
    of the resultant cryptographic key.
   Stream Cipher
    A stream cipher is a method of encrypting text (to produce ciphertext) in
    which a cryptographic key and algorithm are applied to each binary digit in
    a data stream, one bit at a time. This method is not much used in modern
    cryptography.
   Syslog
    A de facto standard for forwarding log messages in an IP network. The
    term "syslog" is often used for both the actual syslog protocol as well as
    the application or library sending syslog messages. Syslog is typically
    used for computer system management and security auditing. While it has
    a number of shortcomings, its big plus is that it is supported by a wide
    variety of devices and receivers.
   Transmission Control Protocol (TCP)
    Whereas the IP protocol deals only with packets, TCP enables two hosts
    to establish a connection and exchange streams of data. TCP guarantees
    delivery of data and also guarantees that packets will be delivered in the
    same order in which they were sent.
   Transmission Control Protocol/Internet Protocol (TCP/IP)
    The basic communication language or protocol of the Internet. It can also
    be used as a communications protocol in a private network (either an
    intranet or an extranet). When you are set up with direct access to the
    Internet, your computer is provided with a copy of the TCP/IP program just
    as every other computer that you may send messages to or get
    information from also has a copy of TCP/IP.
   Trusted (Private) Interface
    A network adapter that is physically connected to a private network. Most
    private networks are configured with a private network IP address range,
    and the private interface is also configured with a private address.
    Because a private network is, in theory, composed of known users and
    computers, you generally have fewer security considerations for a private
    interface than for a public interface.
   Tunnel
    Tunneling is the transmission of data intended for use only within a
    private, usually corporate, network through a public network in such a way
    that the routing nodes in the public network are unaware that the
    transmission is part of a private network. Tunneling is generally done by
    encapsulating the private network data and protocol information within the
    public network transmission units so that the private network protocol
    information appears to the public network as data.
   User Datagram Protocol (UDP)
    A connectionless protocol that, like TCP, runs on top of IP networks.
    Unlike TCP, UDP provides very few error recovery services, offering
    instead a direct way to send and receive datagrams over an IP network.
   Untrusted (Public) Interface
    A network adapter that is physically connected to a public network, such
    as the Internet. The public interface is configured with a public IP address.
    You can configure a public interface to perform network address
    translation (NAT). Because a public interface is theoretically accessible by
    anyone on the public network, security considerations are generally higher
    for a public interface than for a private interface.
   Virtual Private Network (VPN)
    A virtual private network (VPN) is a network that uses a public
    telecommunication infrastructure, such as the Internet, to provide remote
    offices or individual users with secure access to their organization's
    network. A virtual private network can be contrasted with an expensive
    system of owned or leased lines that can only be used by one
    organization. The goal of a VPN is to provide the organization with the
    same capabilities, but at a much lower cost.
    A VPN works by using the shared public infrastructure while maintaining
    privacy through security procedures and tunneling protocols, such as the
    Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by
    encrypting data at the sending end and decrypting it at the receiving end,
    send the data through a "tunnel" that cannot be "entered" by data that is
    not properly encrypted. An additional level of security involves encrypting
    not only the data, but also the originating and receiving network
    addresses.
   Vulnerability
    A state in a computing system (or set of systems) which either:
        Allows an attacker to execute commands as another user
        Allows an attacker to access data that is contrary to the specified
           access restrictions for that data
        Allows an attacker to pose as another entity
        Allows an attacker to conduct a denial of service
   Wide Area Network (WAN)
    A computer network that spans a relatively large geographical area.
    Typically, a WAN consists of two or more local-area networks (LANs).
    Computers connected to a wide area network are often connected through
    public networks, such as the telephone system. They can also be
    connected through leased lines or satellites. The largest WAN in existence
    is the Internet.

								