Page 461 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 461
Downloading/saving a file
Printing a file
Taking screenshots of file content
DRM solutions allow organizations to control these rights by granting
them when needed, revoking them when no longer necessary, and
even automatically expiring rights after a specified period of time.
Networking
The final application of cryptography we’ll explore in this chapter is
the use of cryptographic algorithms to provide secure networking
services. In the following sections, we’ll take a brief look at two
methods used to secure communications circuits. We’ll also look at
IPsec and Internet Security Association and Key Management Protocol
(ISAKMP) as well as some of the security issues surrounding wireless
networking.
Circuit Encryption
Security administrators use two types of encryption techniques to
protect data traveling over networks:
Link encryption protects entire communications circuits by
creating a secure tunnel between two points using either a
hardware solution or a software solution that encrypts all traffic
entering one end of the tunnel and decrypts all traffic entering the
other end of the tunnel. For example, a company with two offices
connected via a data circuit might use link encryption to protect
against attackers monitoring at a point in between the two offices.
End-to-end encryption protects communications between two
parties (for example, a client and a server) and is performed
independently of link encryption. An example of end-to-end
encryption would be the use of TLS to protect communications
between a user and a web server. This protects against an intruder
who might be monitoring traffic on the secure side of an encrypted
link or traffic sent over an unencrypted link.
The critical difference between link and end-to-end encryption is that
