Dr. Dobb's Journal June 1997
When selecting a security protocol, you need to consider a number of attributes. The following is a list of some of the key factors to take into account in making that choice.
Granularity of Authentication. Authentication is verification that the identity claimed by an entity is valid. Do you need to identify individual users or is authentication of the IP address (originating host) adequate? Frequently, the IP address of a machine (a laptop, for instance) implies the user. Authentication of individual users can be attractive for small organizations. In large organizations, access control based on individual-user authentication can lead to significant administrative costs.
Perimeter- or Desktop-Secure Communications. Do you need secure communications to each user's desktop or is perimeter protection adequate? Secure protocols protect against attacks from outsiders, but they provide little defense against attacks perpetrated by insiders.
Cost of Implementation and Maintenance. How much is your organization willing to spend on security? How much could you lose if network security were compromised? The total cost of security can be much greater than the purchase price of the hardware and/or software.
Regarding implementation and maintenance, be sure your estimate does not overlook the cost of the following issues:
Cryptographic key management. Cryptographic systems used to provide authentication and confidentiality require secret variables known as keying material. The security of the entire system relies on the strict control and secure distribution of this keying material. Multiply the cost of generating, distributing, and superseding keying material by the number of entities (users, workstations, firewalls) that require keying material and maintenance of Access Control Lists.
Training. Add up the training costs for each user/administrator who needs to be aware of and perform security-related tasks.
Software Upgrades. Include the cost of any software that must be modified or replaced in order to work with the network security solution.
Interoperability. Will the secure protocol allow interoperability among mainframes, UNIX machines, Macs, and PCs? Will users be able to continue performing the same tasks they do today?
Vendor and standards support. Is the protocol an industry standard supported by multiple vendors?
-- T.M.