Encryption
Encryption scrambles the characters in transmission packets to make it difficult to decode and read. Intercepting packets is not difficult. Sending critical information such as credit card numbers with expiration dates or passwords as clear text is not a safe thing to do. The WatchGuard LiveSecurity system employs different types of encryption for critical connections that could compromise your system if data were transmitted as clear text.
The LiveSecurity System provides automatic encryption for connections between the Management Station and the Firebox, Log Host, and Event Processor. It offers configurable encryption when setting up Mobile User or Branch Office VPN.
WatchGuard offers three different levels of encryption: Standard, Enhanced, and Strong. Enhanced and Strong encryption are offered as options, and must be licensed and installed separately from your standard LiveSecurity System.
Standard encryption uses a 56-bit encryption key, also known as DES (Data Encryption Service). Enhanced encryption uses a 112-bit key. Strong encryption uses a 168-bit (triple-DES) key. These are the levels of encryption for the Management Station connections that use automatic encryption. These license limits also establish how strong an encryption you can use for VPN. For example, if you are setting up Branch Office VPN with automatic IPSec, you must have strong encryption to use SHA-1-HMAC authentication with 3DES-CBC encryption.
If you have Enhanced or Strong encryption, you can choose the level of encryption appropriate to the tunnel you set up. For example, for general use, you might use single-DES encryption maximize throughput. For administrative or transactional connections where you have more to lose if packets are intercepted and decoded, you can set up highly encrypted tunnels between specific hosts or networks.
|
|
