Link to home
Avatar of skento
skento

asked on

Windows XP & Solarix OS end-to-end data encryption

We have windows xp clients that run a FAT client application that talks to
an oracle database running on a UNIX server. We have been mandated to do
end-to-end data encryption between the Windows xp clients and the UNIX
server. Using VPN is not an option. So I was thinking about implementing
IPSEC.
Does anyone know if IPSEC is the right encryption method in this case, given
that the clients are Windows XP and the server is running Sun Solaris OS?
Will there be compatibility issues using IPSEC between these two different
platforms?

The vendor that developed the application running on the Windows XP client
says there application does not and will not do encryption. Are their any
other known solutions out there that can do end-to-end encryption between
these two platforms other than VPN or redesigning the client application?
Avatar of drtoto82
drtoto82
Flag of Egypt image

First of all, I didn't work on Solaris before, but I have to mention some facts about IPSec , from my bacground as MCSE Security..

The program you are using has notihng to do with the encryption . IPSec encryption will be made by the operatin system on the netwrok level , this will be completely transparent to the applicatoin and the users too..

If you think that solaris is not compatible, you can work around this by using IPSec on the hardware level. For example, cisco routers and switches support IPSEC encyprion too.

Check with your network security consultants for more details. IPSEC was made for scenarios like the one you are talking about. IPSEC will be the best solution to help improve your security against sniffing and replay attacks.

All the difficulties will be faced will be about the implementation itself.
ASKER CERTIFIED SOLUTION
Avatar of Hanno P.S.
Hanno P.S.
Flag of Germany image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of skento
skento

ASKER

I looked into this and found out that it is doable if the Solaris version is at least 9. There were some incompatibility issues with the way Microsoft and Solaris implemented IPSEC. Microsoft IPSEC authentication uses only IKE (internet key exchange) while older versions (version 8 and below) of Solaris used pre-shared keys but not IKE. I understand that beginning with version 9, Solaris now support IKE.

 

There is a document on suns website that describes the details; however, it is only available to sunSolve users a paid subscription.
I've already answered the way to accomplish this and which compatibilities do
actually exist. Although the link I've been referring to is only available to Sun
customers with a valid service contract, I've posted the key information above.
Therefore, skento does not give new information in his comment
Agreed