9 Installing and Configuring Data Encryption Offloads

The 3CR990B NIC performs data encryption processing offloads in Windows 2003, Windows XP, and Windows 2000.

The 3CR990B NIC does not encrypt the data itself: the operating system performs that function.

Encryption processing is handled entirely by the NIC. The NIC enables true end-to-end network security at the data capacity of the connected network cable, without sacrificing performance.

This chapter provides instructions for configuring IPSec in Windows 2003, Windows XP, and Windows 2000 environments.

Overview

Internet Protocol Security (IPSec) is a framework of open standards for ensuring secure private communications over IP networks. IPSec ensures confidentiality, integrity, access control, and authenticity of data communications across a public IP network.

Offloading Encryption Processing

You can configure any two (or more) computers running Windows 2003, Windows XP, or Windows 2000 to perform IPSec encryption by changing the Local Security Setting in the operating system.

With most non-3CR990B NICs, all the IPSec processing is done by the host central processing unit (CPU), which significantly diminishes CPU performance. The 3CR990B NIC can offload all the encryption processing from the host CPU, thereby freeing the CPU to work on other tasks.

Selecting Basic or Strong Encryption Processing

The 3CR990B NIC provides Data Encryption Standard (DES) 56-bit encryption processing and Triple DES (3DES) 168-bit encryption processing. You can configure the 3CR990B NIC to process data packets encrypted with either DES (basic) or 3DES (strong) algorithms. DES and 3DES are IPSec bulk encryption algorithms for coding data.

DES encrypts 64-bit data blocks using a 56-bit key. DES can be applied in several modes. 3DES (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys. 3DES is also known as 168-bit data encryption.
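
Added example (not from the 3Com guide): the key arithmetic behind the 56-bit and 168-bit figures above, and why the three keys must be different. It goes beyond the text by assuming the standard DES key format (8 bytes, the low bit of each byte a parity bit) and the encrypt-decrypt-encrypt form of 3DES; the function names and sample keys are constructed for illustration.

```python
# Added example: classify a Triple DES key bundle K1 || K2 || K3.
DES_KEY_BYTES = 8          # a DES key is stored as 64 bits
DES_EFFECTIVE_BITS = 56    # the low bit of each byte is parity, not key


def strip_parity(key: bytes) -> bytes:
    """Clear the parity bit of every byte so only the 56 key bits remain."""
    return bytes(b & 0xFE for b in key)


def has_odd_parity(key: bytes) -> bool:
    """True when every byte has an odd number of 1 bits (DES convention)."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def set_odd_parity(key: bytes) -> bytes:
    """Return the key with each parity bit adjusted to give odd parity."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 0x01
        out.append(b)
    return bytes(out)


def effective_key_bits(bundle: bytes) -> int:
    """Effective key length of a 24-byte 3DES bundle.

    Keys are compared with parity stripped: two keys that differ only in
    parity bits are the same DES key.
    """
    if len(bundle) != 3 * DES_KEY_BYTES:
        raise ValueError("3DES bundle must be 24 bytes (three 8-byte keys)")
    k1, k2, k3 = (strip_parity(bundle[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        # E_k3(D_k2(E_k1(P))): the matching pair cancels, leaving single DES.
        return DES_EFFECTIVE_BITS
    if k1 == k3:
        return 2 * DES_EFFECTIVE_BITS   # two-key 3DES
    return 3 * DES_EFFECTIVE_BITS       # three different keys: 168 bits


# Constructed sample keys (all have valid odd parity).
KEY_A = bytes.fromhex("0123456789abcdef")
KEY_B = bytes.fromhex("23456789abcdef01")
KEY_C = bytes.fromhex("456789abcdef0123")

if __name__ == "__main__":
    for name, bundle in [("A|B|C", KEY_A + KEY_B + KEY_C),
                         ("A|B|A", KEY_A + KEY_B + KEY_A),
                         ("A|A|B", KEY_A + KEY_A + KEY_B)]:
        print(name, effective_key_bits(bundle), "effective bits")
```

A bundle that reports 56 bits offers only DES (basic) strength even when the policy names 3DES.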
