Security in the local network using OpenVPN and IPSec technologies

Almost all business sectors have migrated to the global network. This has made the security of transmitted data and the anonymity of users more pressing issues, and these are issues that modern traffic encryption technologies in corporate and local networks can solve.

Ways to encrypt traffic on the Internet and in local networks

Traffic may be encrypted in two different ways. In the first case, encryption is done by the program transmitting the data: a database server, mail client, web server, or similar application. However, not all of them have this feature or are able to provide a proper level of protection.

The second option is traffic encryption at the level of the operating system. This method is completely transparent to the application, does not interfere with its work, and provides sufficient reliability and high resistance to hacking. There are many such tools, but the most common ones are OpenVPN and IPSec. Both of them are based on open standards and can be used not only on Microsoft operating systems, but also on Linux, Mac OS X and the mobile systems iOS and Android.

IPSec features

IPSec is a set of standards that help encrypt traffic at the level of network packets transmitted over TCP/IP. They provide for authentication and data verification, which rules out not only unauthorized access, but also data loss during transmission.

On Microsoft Windows XP, 7 or 8, you do not need to install any additional software to encrypt the data: all you need to do is configure the existing IPSec.

IPSec uses the ESP protocol to encrypt traffic, and AH to digitally sign the transmitted packets. Unlike SSL, encryption is done before authentication, and thus the protection is at a much higher level of reliability. Authentication is implemented using the ISAKMP and Oakley protocols. As a result, it is impossible to intercept data even with the help of a sniffer program.

Main advantages of using IPSec

Perhaps the most important advantage of IPSec is its high degree of integration into the Windows operating system. Even in its simplest mode you can just turn IPSec on using Kerberos (authentication system) – the service will enable the domain controller and all traffic will be encrypted.

Another advantage of this solution is its absolute transparency not only for applications, but also for routers, network card drivers, and so on. From the standpoint of the logic of the running program or device, the packets are transmitted as normal, and the use of IPSec goes unnoticed.

Traffic encryption using IPSec in a small local network hardly affects performance. However, if necessary, one can purchase network adapters with hardware accelerators.

Another advantage is the high level of control: the system can be applied to the traffic of individual computers or even specific programs, and all settings are made in the policies section of IPSec.

Use and advantages of OpenVPN technology

Another VPN technology, OpenVPN, can also be used for data encryption; it uses SSL or the more reliable TLS. Creating a fast, ultra-reliable, hacker-protected tunnel on top of the existing Internet connection does not take much time. However, some configuration details may require a qualified professional.

In fact, the mechanics of the process are somewhat similar to the aforementioned method of protection: network traffic is encrypted, encapsulated in a packet and sent to the destination, and vice versa.

OpenVPN runs on almost all known platforms, including Solaris and Mac OS. Transporting the packets does not require the TCP/IP protocol; it can also be configured to use UDP/TCP. OpenVPN tunnels can be created on top of NAT and work through firewalls, but they must be configured for connection status control (echo requests sent at intervals).

An asymmetric encryption method is used to encrypt traffic, together with SSL or TLS security certificates. When installed on any operating system, OpenVPN is resistant to DDoS attacks and other common tricks used by cybercriminals.
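
The connection status control and certificate settings described above can be checked when reviewing an OpenVPN config file. The following Python script is an added example, not code from this article or from the OpenVPN project; the sample config, the host name vpn.example.com and the function names are assumptions, and the parser is simplified (no quoted arguments or inline blocks).

```python
# Added example (not from the article): audit an OpenVPN config file for
# the keepalive and TLS certificate settings discussed above.
# Constructed sample client config; vpn.example.com is a placeholder.
SAMPLE_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.com 1194
nobind
ca ca.crt
cert client.crt
key client.key
"""

def parse_directives(text):
    """Map directive name -> list of argument lists (simplified parser:
    no quoting or inline <ca> blocks)."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        directives.setdefault(name.lstrip("-"), []).append(args)
    return directives

def audit(text):
    """Return (transport protocol, list of findings)."""
    d = parse_directives(text)
    proto = d["proto"][-1][0] if d.get("proto") else "udp"  # UDP is the default
    findings = []
    # Echo requests keep NAT/firewall state alive and detect a dead peer.
    if "keepalive" not in d and not ("ping" in d and "ping-restart" in d):
        findings.append("no keepalive or ping/ping-restart (fine only if the server pushes one)")
    # A client should verify it is talking to a server certificate.
    if "client" in d and not ({"remote-cert-tls", "verify-x509-name"} & d.keys()):
        findings.append("client does not verify the server certificate's role or name")
    # Refuse old TLS versions on the control channel.
    tls_min = d.get("tls-version-min", [["0"]])[-1][0]
    if tuple(int(p) for p in tls_min.split(".")) < (1, 2):
        findings.append("tls-version-min missing or below 1.2")
    return proto, findings

if __name__ == "__main__":
    proto, findings = audit(SAMPLE_CONFIG)
    print("transport:", proto)
    for f in findings:
        print("FINDING:", f)
```

Adding `keepalive 10 60`, `remote-cert-tls server` and `tls-version-min 1.2` to the sample clears all three findings.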

Aside from traffic encryption, a number of other measures must be taken to ensure safety in the local network. A properly configured firewall and antivirus help neutralize most threats before they can cause any damage. A data backup system helps restore computers and important data after unexpected crashes or power outages.
