Implementing Encryption

Irrespective of which encryption method or protocol is used, network administrators must be aware that encrypting network traffic comes with trade-offs. These include:

  • Network traffic overhead: Encrypting data on a network increases the volume of traffic. Even if, as with some encryption methods, the data packets that traverse the network do not increase in size, there is often additional traffic associated with the setup and teardown of encrypted communication sessions.

  • Processor overhead: While modern encryption protocols are designed to be as lightweight as possible, there is always some overhead associated with encrypting or decrypting data. In a small environment with just a few computers, this overhead might be negligible, and server or workstation performance might not be affected. In larger environments, however, or with servers that handle very large amounts of network traffic, the overhead associated with encryption must be considered more carefully.

  • Supported operating systems: Not all operating systems support all encryption mechanisms. For example, Microsoft Windows Server 2003 relies on IPSec as the primary means of encryption, and Windows XP Professional Edition also supports IPSec, as does Windows 2000 Professional. Earlier versions of Windows, such as Windows 98 and Windows Me, however, do not support IPSec without additional client software.

Another key consideration when using encryption, particularly from a connectivity perspective, is that some operating systems can be configured to deny requests from clients that are not using encryption. This configuration should be implemented only after it has been confirmed that all the client systems can also use encryption. Otherwise, clients that cannot use encryption will not be able to connect to the server.