Alachisoft.com

NCache Security and Encryption

NCache provides powerful security and encryption features that help ensure that your cache is protected from unauthorized access and your sensitive application data is secured both in the cache store and also during the transmission over network between your application and the cache servers. And, you can do all of this without any code changes.

Cache Security: Authentication

NCache security ensures that only authorized connections to the cache are accepted either for cache usage or for administration. All other connections are rejected.

When NCache security is enabled, all connections to the cache cluster must first be authenticated against Active Directory at the cache server.

You must provide credentials at the time of establishing a connection to the cache. And, if your credentials are not authenticated, the connection request is denied. You can specify user credentials in the following places:

  1. NCache client configuration files
  2. When calling NCache.InitializeCache(…) API from your application
  3. In NCache Manager for administering the cache

NCache keeps your password encrypted in the NCache configuration files and in NCache Manager wherever you specify it.

Cache Security: Authorization

After NCache authenticates a connection to the cache successfully, it checks NCache security configuration files at the cache server in order to authorize this connection. Each connection to the cache can be categorized as one of the followings:

  1. User: can access the cache for read/write but not administers it. A “user” is defined at cache level.
  2. Admin: can access the cache for read/write and also administers it. An “admin” is defined at cache server level.

You can specify authorization information through NCache management tools at the time of enabling security. You can then add additional “users” or “admins” to the security authorization as needed.

NCache Data Encryption Feature
Figure 1: NCache Data Encyption Feature

Data Encryption

If your application deals with confidential and sensitive data that you want to secure and you’re using an in-memory distributed cache, you need to ensure that your distributed cache protects this sensitive data from unwanted access through encryption.

NCache provides a rich set of encryption algorithms that are nearly impossible to break. This ensures that your sensitive data is really protected well. NCache provides the following encryption algorithms that you can choose from:

  1. 3DES: very strong 168-bit encryption
  2. AES-128: very strong 128-bit encryption
  3. AES-192: very strong 192-bit encryption
  4. AES-256: very strong 256-bit encryption

NCache data encryption and decryption occurs inside the NCache client application process. This means that all data travelling over the network between your application and the cache cluster is already encrypted. Similarly, only encrypted data is stored in cache store.

You can enable encryption through NCache management tools without any programming effort on your part. Once encryption is enabled, NCache client automatically starts encrypting your objects before sending them to the cache cluster. And, it automatically decrypts objects fetched from the cache before delivering them to your application.

You provide an encryption key that NCache uses which is kept inside NCache security configuration files at each cache server in an encrypted manner. Encryption key is automatically sent to clients to be used in memory upon a successful connection.


What to Do Next?