Data Encryption Overview - Cisco PIX 520 - PIX Firewall 520 Installation Manual

Data Encryption Overview

•
•
•
Data Encryption Overview
This section describes data encryption, including the IPSec, IKE, and certification authority (CA)
interoperability features.
For additional information on these features, refer to the "IP Security and Encryption" chapter in the
Note
appropriate Security Configuration Guide and Security Command Reference publications for your
specific PIX Firewall.
IPSec is a network level open standards framework, developed by the Internet Engineering Task Force
(IETF) that provides secure transmission of sensitive information over unprotected networks such as the
Internet. IPSec includes data authentication, antireplay services and data confidentiality services.
Cisco follows these data encryption standards:
•
•
Cisco PIX Device Manager Installation Guide
1-2
– Connection graphs: Tracks real-time session and performance monitoring data for connections,
address translations, authentication, authorization, and accounting (AAA) transactions, URL
filtering requests, and more on a per-second basis.
– Intrusion Detection System (IDS): Provides 16 different graphs to display potentially malicious
activity. IDS-based signature information displays activity such as IP attacks, Internet Control
Message Protocol (ICMP) requests, and Portmap requests.
– Interface graphs: Provides real-time monitoring of your bandwidth usage for each interface.
Bandwidth usage is displayed for incoming and outgoing communications, such as packet rates,
counts, and errors, as well as bit, byte, and collision counts.
Syslog Viewer—Lets you view specific syslog message types by selecting the desired logging level.
Embedded Architecture—Lets you manage the Cisco PIX Firewall from almost any computer,
regardless of the operating system, and works with most browsers, including Microsoft Internet
Explorer and Netscape Navigator. There is no application to install and no plug-in required.
Secure Communication—Supports the Secure Sockets Layer (SSL) protocol to provide high-grade
encryption from the PIX Firewall to a browser. PDM to PIX Firewall communication is securely
encrypted according to these encryption standards: 56-bit Data Encryption Standard (DES), 168-bit
Triple DES (3DES), or 128-bit Advanced Encryption Standard (AES). You can protect access with
a valid username and password, either on the PIX Firewall or through an authentication server.
IPSec—IPSec is an IP layer open standards framework that provides data confidentiality, data
integrity, and data authentication between participating peers. IKE handles negotiation of protocols
and algorithms based on local policy, and generates the encryption and authentication keys to be
used by IPSec. IPSec protects one or more data flows between a pair of hosts, between a pair of
security systems, or between a security system and a host.
IKE—Internet Key Exchange (IKE) is a hybrid security protocol that implements Oakley and Skeme
key exchanges inside the Internet Security Association and Key Management Protocol (ISAKMP)
framework. IKE can be used with IPSec and other protocols. IKE authenticates the IPSec peers,
negotiates IPSec security associations, and establishes IPSec keys. IPSec can be configured with or
without IKE.
Chapter 1 Overview
78-15483-01