Cryptographic gateway
A crytogateway is a software or hardware-software complex operating on the basis of VPN (Virtual Private Network) technology and providing “transparent” encryption of information network flows between objects remote from each other.
The use of cryptographic gateways is necessary if it is necessary to ensure the integrity and confidentiality of transmitted data that are sent over unprotected or unverified communication channels. VPN in this case can be organized on a “network-to-network” or “network-to-remote user” principle. If the “network-to-network” principle is used, a cryptographic gateway must be installed on both sides of the communication channel. In this case the traffic between them will be encrypted. If the “network-remote user” principle is used, the software or hardware crypto gateway is installed on the server side, the user only needs to install the software client.
[text_with_btn btn=”Learn more” link=”https://itglobal.com/ru-ru/services/info-security/security-audit/”]Information security audit[/text_with_btn]Access to secure network resources
The access server (crypto gateway software) identifies and authenticates users and connects them to the necessary network nodes. The created secure channels form VPN-networks. To ensure the operation of such a network uses specialized software (control center), which manages local security policies of clients and sends configuration data to all users, keeps system logs.
Functionality
. The basic functions of crypto-gateways are as follows:
- protect confidentiality and integrity of transmitted IP packets;
- authentication of remote hosts and users;
- disclosure of the internal network topology by encapsulating traffic in an encrypted data channel
.
. Crypto-gateways often serve as firewalls. But not in every case they can be as flexible and customizable, that is, they cannot compare in their functionality with a full-fledged firewall.
Distinctions and features of cryptographic gateways
. To date, many technological and circuit solutions have been developed for the organization of secure data transmission through the network. The most common technology is a means of cryptographic protection of the Hub-and-Spoke class, in which each communication channel is connected to the center, and Full Mesh, in which all channels are connected to each other. Individual developers may implement VPN technologies in their own way.
In terms of the protocols used, crypto-gateways with Virtual Private Network can be divided into:
- proprietary protocols (private developments), which are incompatible with any other solutions;
- IPSec/IKE class protocols (IP Security and The Internet Key Exchange);
- SSL/TLS class protocols (sockets layer and transport layer security);
- Sec/TLS class protocols (sockets layer and transport layer security).
Use Scenarios
Cryptographic gateways can be used in the following use cases:
- To protect personal data on a particular enterprise network.
- To protect confidential information according to the current legislation of the Russian Federation. For example, when maintaining access to professional or commercial secrets, data on insured people, etc.
- To protect data stored in the networks of executive authorities.
- To prevent unauthorized interception of any information (e.g., commercial orders of various organizations, as well as services provided by them, if it is a matter of state activity).
- To protect data held by any government agencies or companies working with government contracts.
- All data is protected.