
Data Encryption in Transit

Data Encryption in Transit. Why? Ensure the confidentiality of data in transit. Meet compliance and regulatory requirements. IU Policy IT-12 “Encrypt sensitive data being transmitted to-and-from the system where possible to ensure the data is protected in transit.” How? SSL & TLS.

sutton

Presentation Transcript


  1. Data Encryption in Transit
     • Why?
       • Ensure the confidentiality of data in transit.
       • Meet compliance and regulatory requirements.
       • IU Policy IT-12 “Encrypt sensitive data being transmitted to-and-from the system where possible to ensure the data is protected in transit.”
     • How?

  2. SSL & TLS
     • Frequently associated with HTTP, but can be utilized with many protocols:
       • SMTP, IMAP, LDAP, RDP, Databases, Instant Messaging
     • Authentication of the server, and optionally the client.
     • Certificate (X.509) based asymmetric encryption during negotiation and authentication.
     • Negotiation of mutually acceptable cipher suite.
     • Symmetric session key used for data transfer.
     • IU Certificate Authority

  3. Email
     • Encrypting the data
       • PGP or GnuPG, S/MIME.
       • Client support.
       • Trusted certificates must exist.
     • Encrypting the transfer
       • SSL/TLS over standard protocols IMAP, SMTP, HTTP.
       • Third Party such as Zix, Ironport, etc.

  4. VPN and Wireless Networks
     • Provide an encrypted tunnel between client and VPN or Wireless endpoint.
     • Traffic leaving endpoint is not protected by the encrypted session.
     • IU’s Juniper SSL VPN
       • Client Required
     • IU Secure Wireless Network
       • WPA2

  5. Interactive Sessions
     • SSH suite instead of telnet and ftp
     • Windows Remote Desktop
       • Native encryption.
       • TLS with Windows 2003 SP1+.
       • Group Policy Objects can be used to control usage.
     • Third Party Applications (PCAnywhere, VNC, etc)

  6. File Transfers
     • SMB file shares not encrypted by default.
     • IPSec.
     • WebDAV with SSL/TLS.
     • Secure file transfer protocols: SFTP and SCP.
     • Utilizing a secure third party such as IUVault or Slashtmp with encryption.
     • Encrypt the data prior to transmission.

  7. Questions?
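
As an added example (not part of the original presentation), the Python code below audits a client-side `ssl` context for the properties the SSL & TLS slide lists: authentication of the server by X.509 certificate, and the protocol versions and cipher suites offered for negotiation. The function names, the marker list and the two sample contexts are constructed for illustration.

```python
import ssl

# Substrings that mark suites with no, export-grade or broken algorithms (constructed list).
WEAK_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5")


def weak_suites(names):
    """Return the cipher suite names that contain a weak-algorithm marker."""
    return [n for n in names if any(m in n.upper() for m in WEAK_MARKERS)]


def audit(ctx):
    """Return one finding per protection a client context is missing."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched to the host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    offered = [c["name"] for c in ctx.get_ciphers()]
    for name in weak_suites(offered):
        findings.append("weak cipher suite offered: " + name)
    return findings


def hardened_context():
    """Client context that authenticates the server against the system CAs."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.2 suites offered
    return ctx


def weak_context():
    """The common 'make the certificate error go away' configuration."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_context()), ("weak", weak_context())):
        print(label, audit(ctx) or "no findings")
```

The same context object can be passed to `smtplib`, `imaplib` or other standard-library clients that accept an SSL context, so the audit applies to the non-HTTP protocols the slide names as well.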
