Professional Documents
Culture Documents
Network Security Essentials
Network Security Essentials
Network Security Essentials
Secure Systems
1. Security policy
– What needs to be protected
– Kinds / level of protection
– Responsibilities
– Auditing policy
2. Security environment
– Physical environment
– Physical security
– Hardware, operating system
– firewalls, etc
3. Security mechanisms
– cryptographic technologies
– authentication methods
– security protocols
Properties of algorithms:
reversible: can transform cyphertext back to plaintext
symmetric: uses one key for both encryption and decryption
Each time the user logs in after that, the system encrypts the password that has
been typed in and compares it to the cyphertext stored in the database.
Mechanisms to Protocols: Digital
Signatures
(Message
PAY WONG $100 // 1352 Altered PAY WING $180
Split
in transit)
Combine
Hash = 1352 Hash algorithm
Hash = 1352
New Hash = 3972
SO ...
• Generate a symmetric ‘session key’
– Used only for this communication session
– Random number
• Use public key to encrypt
• Then use the session key to exchange data
IP
Data Link
Both Alice and Bob can be confident that the session key is a secret shared only by
them, provided that they have the correct public keys - otherwise this method is
vulnerable to attack by a third party impersonating Alice to Bob and Bob to
Alice.
The Man-in-the-Middle attack works when public keys all look the
same, and people exchange keys directly.
0. CA AUTHENTICATES
SENDER, DIGITALLY
4. DECRYPT SENDER’S SIGNS CERTIFICATE
MESSAGE USING
SENDER’S PUBLIC KEY
3. VERIFY IDENTITY
OF SENDER.
2. VERIFY THAT CA
NAME MATCHES.
Requires:
Generating public and private keys
Generating a self-signed certificate
Changing configuration files