Structure of the Internet: Internet security

From Wikibooks, open books for an open world


Internet Security[edit]

Firewall[edit]

Packet Filtering[edit]

Proxy Server[edit]

Stateful Inspection[edit]

Encryption[edit]

Data encryption is the process of scrambling data so that it is difficult to understand or unscramble. The encrypted (secure) data is called the ciphertext, whereas the unencrypted data is called the plaintext.

Symmetric[edit]

Symmetric encryption, also known as private key encryption, uses the same key to encrypt and decrypt data. The key therefore has to be transferred to the recipient alongside the data, which causes obvious security problems: if the transfer is intercepted, the data can easily be deciphered.

Asymmetric[edit]

Asymmetric encryption, also known as public key encryption, uses two keys: a public key and a private key. The public key is made available so that anyone wishing to send you data can encrypt it; however, the public key cannot decrypt that data. The private key is used to decrypt it, and it is known only to you, which keeps the data as secure as possible.

Key Exchange[edit]

Key exchange is the sending of the key to an encrypted text to its recipient. The best-known form occurs with symmetric encryption, where the key exchange takes place alongside the exchange of the encrypted data.

Digital Certificates and Signatures[edit]

Keys[edit]

Encryption is used to hide sensitive messages from illegitimate recipients: an encryption algorithm and an encryption key convert plaintext into ciphertext, which is unreadable to anyone without the encryption and decryption keys. In private/public key encryption both parties have a pair of keys, one private and one public. The public key is kept in the open, freely usable by anyone, as is the encryption algorithm; the private key, however, is kept hidden.

  • A message encrypted with A's public key can only be decrypted with A's private key.
  • A message encrypted with A's private key can only be decrypted with A's public key.
  • A message encrypted with B's public key can only be decrypted with B's private key.
  • A message encrypted with B's private key can only be decrypted with B's public key.

Related topics: creating keys from prime numbers, public key encryption, public key signing.

Sending messages securely[edit]

Digital signatures are a way for the sender to prove to the receiver that the message did in fact originate from them. A digital signature is obtained through the following process:

Processes required before A sends the message to B:

  1. The message is hashed to get a message digest.
  2. The message digest is encrypted with A's private key; this then becomes the signature.
  3. The signature is appended to the message.
  4. The message is encrypted using B's public key.
  5. The encrypted message is sent to B.

Processes required to ensure the message is from A:

  1. B decrypts the message with B's private key.
  2. B decrypts the signature with A's public key to get the original message digest.
  3. The decrypted message is hashed again, reproducing the message digest.
  4. The message has not been tampered with if the decrypted message digest is the same as the reproduced digest.
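The two columns above as a runnable walk-through, added here and not part of the original book: textbook RSA with each pair derived from two primes (the "creating keys from prime numbers" topic), so the encrypt-with-public-key / decrypt-with-private-key rules and the sign, append, encrypt, decrypt, verify sequence can be seen working and a tampered packet can be seen failing the digest comparison. The primes, the 8-byte signature field and the message are constructed; unpadded, byte-at-a-time RSA is used only to make the steps visible and is not how real systems encrypt (they pad and wrap a symmetric key).

```python
import hashlib
from math import gcd

SIG_LEN = 8  # bytes reserved for the signature; the toy moduli below are < 2**64

def make_keypair(p, q, e=65537):
    """Derive a textbook RSA key pair from two primes: public (e, n), private (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)

def rsa(value, key):
    """Apply a key to a number: encrypt/verify with (e, n), decrypt/sign with (d, n)."""
    exp, n = key
    return pow(value, exp, n)

def digest(message, n):
    """Hash the message and reduce the digest so it fits under the signer's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def send(message, a_priv, b_pub):
    """A's side: hash, sign the digest with A's private key, append, encrypt for B."""
    signature = rsa(digest(message, a_priv[1]), a_priv)
    packet = message + signature.to_bytes(SIG_LEN, "big")
    return [rsa(byte, b_pub) for byte in packet]  # byte-at-a-time: toy only

def receive(ciphertext, b_priv, a_pub):
    """B's side: decrypt with B's private key, recover the digest with A's public key,
    re-hash the message and compare. Returns (message, authentic)."""
    packet = bytes(rsa(c, b_priv) for c in ciphertext)
    message, signature = packet[:-SIG_LEN], int.from_bytes(packet[-SIG_LEN:], "big")
    recovered = rsa(signature, a_pub)
    return message, recovered == digest(message, a_pub[1])

# Constructed key pairs from well-known primes (far too small for real use).
A_PUB, A_PRIV = make_keypair(15485863, 32452843)
B_PUB, B_PRIV = make_keypair(49979687, 67867967)

def demo(message=b"Meet at noon"):
    """Round trip plus a tamper check; returns (decrypted, authentic, tampered_authentic)."""
    ciphertext = send(message, A_PRIV, B_PUB)
    decrypted, authentic = receive(ciphertext, B_PRIV, A_PUB)
    forged = list(ciphertext)
    forged[0] = rsa(ord("X"), B_PUB)  # first byte replaced in transit: digest no longer matches
    _, tampered_authentic = receive(forged, B_PRIV, A_PUB)
    return decrypted, authentic, tampered_authentic
```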

[Figures: Digital Signature diagram; CPT-Internet-DigitalSignatures]

A digital certificate is a way of proving that the public key of the sender is authentic. Digital certificates are only issued by a certification authority (CA). The certificate is encrypted into the message with the CA's private key and can only be decrypted with the CA's public key.

Security Threats[edit]

There are a number of threats to be aware of:

Viruses[edit]

A virus is a small computer program attached to another program or file and intended to cause harm to a computer. The first thing the virus does when the infected program is executed is copy itself onto the disk and hide itself. Once on the disk, the virus can reside in memory and reconfigure the system, causing problems such as displaying unwanted messages, destroying or corrupting files, or even wiping the entire hard disk. Viruses tend to replicate themselves and also try to spread to other computers. Anti-virus programs are used to detect and remove viruses, and nowadays web browsers have built-in virus scanners that scan files offered for download.

Worms[edit]

A worm is a malicious program designed to replicate itself in an attempt to spread across a computer network such as the internet. The most significant difference between a worm and a virus is that a worm is a complete program on its own. Worms can disrupt network traffic and damage data.

Spam[edit]

Spam is the flooding of irrelevant, unwanted messages (silly, pointless, annoying messages), whether by email, SMS or instant messaging. Email spam is usually considered junk mail, and millions of spam emails are sent every day. Text-message spam is also used by companies to advertise themselves. Spam is considered disruptive and a waste of network bandwidth.

Phishing[edit]

Phishing is the act of deceiving a user into giving sensitive information about themselves. This may be done through phishing emails or phishing sites: these look like the site the user is trying to access but are not, and are intended to capture information from the user. The term phishing comes from fishing; instead of catching fish, information is caught.

Pharming[edit]

Pharming is a technique used to redirect traffic from one website to another; phishing and pharming are used in conjunction. Pharming redirects users to a different location so that a phishing technique can imitate the intended site and capture information about the user.

Computer Security Procedures[edit]

Authentication, Authorisation, Accounting.

Authentication[edit]

Verification of the identity of the user of the computer system. Forms of authentication include passwords, biometric data, security tokens and digital signatures.

Authorisation[edit]

Specifying the access rights of different users to resources on a network.

Accounting[edit]

Keeping logs of user activity on a network.