Post date: Oct 29, 2012 4:05:50 PM
Encryption is often used to create secure connections over unsecured networks such as the Internet or dial-in systems run by service providers. The encryption process can be processor intensive and can add overhead to the data stream. Data compression, if properly used, can help reduce the processor load of encryption and also reduce the data volume enough to overcome the overhead introduced by the encryption process.
If the compression is not properly applied, it can lead to problems. Data compression uses patterns in the data stream to reduce the size of the stream, replacing repeated patterns with shorter references to an earlier occurrence of the pattern in the data stream. The goal of encryption is to make the data stream look as random as possible, because repeated patterns can be used for statistical analysis to determine the underlying data. So it is basically impossible to compress encrypted data. In fact, encrypted data will be expanded by some compression algorithms and systems, such as the V.42bis system implemented in some dial-up modems.
This means that using an IPsec VPN over a dial-up modem can be a real problem, since the modem's compression is done after the encryption process and therefore sees only the encrypted traffic. The preferred scenario is for the IPsec client to do compression before the encryption. Once the traffic has been processed by the IPsec client, it is passed to the modem. In this situation the compression on the modem should be turned off. This avoids the possibility that the modem will actually expand the traffic. It also avoids the overhead of the modem attempting to compress the encrypted traffic and the associated delays introduced by that process.
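The effect of the ordering can be measured directly. The following is an added example, not part of the original post: it compares the bytes sent when compression runs before encryption with the bytes sent when it runs after. As assumptions, zlib's DEFLATE stands in for both the IPsec client's compression and the modem's V.42bis, a SHA-256 keystream stands in for the IPsec cipher, and the key, nonce and traffic are constructed.

```python
import hashlib
import zlib

# Constructed key and nonce, fixed so the measured sizes are reproducible.
KEY = b"constructed-demo-key"
NONCE = b"constructed-nonce"


def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption, not the IPsec cipher): XOR the data with
    SHA-256(key || nonce || counter) blocks. Applying it twice decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def sample_traffic() -> bytes:
    """Constructed, repetitive plaintext resembling HTTP requests."""
    return b"".join(
        f"GET /index.html?id={i} HTTP/1.1\r\nHost: example.test\r\n\r\n".encode()
        for i in range(500)
    )


def compare_orderings(plaintext: bytes) -> dict:
    """Return the number of bytes put on the line for each ordering."""
    ciphertext = keystream_encrypt(KEY, NONCE, plaintext)
    return {
        "plaintext": len(plaintext),
        # Encryption alone: same size, but no patterns left to exploit.
        "ciphertext": len(ciphertext),
        # Preferred: the client compresses, then encrypts.
        "compress_then_encrypt": len(
            keystream_encrypt(KEY, NONCE, zlib.compress(plaintext))
        ),
        # Modem case: compression only ever sees ciphertext.
        "encrypt_then_compress": len(zlib.compress(ciphertext)),
    }


if __name__ == "__main__":
    for name, size in compare_orderings(sample_traffic()).items():
        print(f"{name:>22}: {size} bytes")
```

Compressing the ciphertext yields more bytes than the ciphertext itself, because the compressor finds nothing to shorten and still adds its own framing.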