Datatek Enhanced Security Guide User Manual
IP-CommKit Enhanced Security Guide
11/29/05
Datatek Applications Inc.
The IP-CommKit Enhanced Security Feature also makes it more difficult for an
unauthorized host computer to gain access to the BNS network through the UTM
module. In IP-CommKit Security Analysis, the effect of IP-CommKit on the vulnerability
of BNS networks to unauthorized access is examined. The conclusion is that several
layers of protection make a successful attack unlikely. The IP-CommKit Enhanced
Security Feature adds another layer of protection, further reducing the probability of a
successful attack.
The IP-CommKit Enhanced Security Feature uses a proprietary encryption algorithm.
While Datatek does not describe the algorithm in the documentation, it has the following
properties:
• The host computer and UTM module use different encryption keys.
• Every host computer and UTM module uses a different encryption key.
• The host computer generates the encryption key used by the UTM from
  IP-CommKit configuration data, and vice versa, so there is no need for the
  host computer and UTM module to exchange keys through the IP network.
• The encryption algorithm is efficient, and results in a negligible increase
  in CPU utilization on the host computer.
• The encryption algorithm does not increase the size of the messages
  exchanged by the host and UTM module. Thus, there is no increase in the IP
  network traffic load.
The encryption algorithm used in the IP-CommKit Enhanced Security Feature is not
powerful enough to thwart sophisticated cryptographic attacks, such as those mounted
by government agencies or organized crime groups. As a result, the IP-CommKit
Enhanced Security Feature is not suitable for protecting financial or military information
in public networks. For these applications, contact Datatek for information about using
IPsec with IP-CommKit.