Ssl fundamentals (sa8200/ sa8220 only), Ssl fundamentals (sa8200/sa8220 only) – HP Traffic Director sa7220 User Manual
Page 30
C H A P T E R 2
HP Traffic Director Server Appliances User Guide
18
SA8220’s dual NIC and packet filtering capabilities can be used to
isolate the web servers from the Internet, further preventing
unauthorized access.
SSL
Fundamentals
(SA8200/
SA8220 only)
SSL involves an interchange of keys used both to authenticate the
parties and to provide information to securely encrypt confidential
data. The keys distributed in this medium are “one way,” or
asymmetric. That is, they can only be used to encrypt confidential
data, and only the “owner” of the public key can decrypt the data once
it is encrypted using the public key information. SSL assures the three
things shown below.
To establish a secure session with a server, the client sends a “hello”
message to which the server responds with its certificate and an
encryption methodology. The client then responds with an encrypted
random challenge, which is used to establish the session keys. This
method allows two parties to quickly establish each others’ identities
and establish a secure connection.
Several encryption methods are employed. Common ones are DES,
3DES, RC2, and RC4. Key size can be varied to determine the level
of security desired. A longer key is more secure.
The SA8220 supports all common keys and ciphers, as well as the
following encryption methods: DES, DES3, and RC2 & RC4. The
SA8220 includes a licensed version of the RSA code embedded in the
security module as well. The device's session management software
has been certified by prominent security agencies and meets all
standards for SSL traffic.
The SA8220 handles all the handshaking, key establishment, and
bulk encryption for SSL transactions. Essentially, the SA8220 is a
full-featured, SSL-enabled web server. Traditionally, these functions
Benefit
Description
Authenticity
Verifies the identities of the two parties
Privacy
None other than the transacting parties can access
the information being exchanged.
Integrity
The message cannot be altered in transit between
the two parties by a third party without the
alteration being detected.