
Securing Communications and File Storage in a Sensitive Environment


01 May 2001


Q.

Dear Ab-end: I have a very sensitive networking environment. I need solutions that provide secure communications and very secure file storage. Does Novell have any partners that provide software for encrypted communication between the workstations and the server? And are there any partners that provide software which encrypts the NetWare volume? - Sensitive in Salt Lake City

A.

Dear Sensitive: You can actually use Novell technology to secure the communication between the workstation and the servers. Put your servers in a secure room behind a firewall and use the BorderManager 3.6 server as the only way to get through the firewall.

This way, in order to establish a connection to the server, the clients have to make a BorderManager VPN (Virtual Private Network) connection. This ensures that all traffic between the server and the clients is encrypted with 3DES 128+bit encryption. (Keep in mind that you can't do this in France.)

You can find some hardware devices on the market that connect between the hub and the router. These make sure that all traffic from the hub to the router is very securely encrypted. Most of these devices use a one-time PAD (Packet Assembler/Disassembler) versus negotiated encryption. So, they are extremely secure. The drawback with these devices is that they have limited applications and can be very hard to set up.

NetWare doesn't currently support an encrypted file system. But third-party products from RSA and others allow encrypted data stores on network volumes. The advantage to these is that they are encrypted by the user, not by the server, and most of these new products support secondary recovery keys. This means that if someone leaves the company, you can still get their data. But, all of the products that I'm aware of are Windows-based and require that you install the encryption software on each machine. So, they're more administration-heavy than a server-based solution. (Answer contributed by Todd Dailey, Novell, Inc.)

* Originally published in Novell AppNotes

