Jane's Public Key To Encrypt The Message example essay topic
File Security and Firewalls

File security means preventing unauthorized access to your data. Encryption and password security are normally the best ways to keep your data in the correct hands. Another way is to install a firewall. A firewall is a system designed to prevent unauthorized access to or from a private network.

Firewalls can be implemented in hardware, in software, or in a combination of both, and are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. There are several types of firewall techniques:

o Packet Filter: Packet filtering looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
o Application Gateway: Application gateway applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can cause performance degradation.
o Circuit-Level Gateway: This applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
o Proxy Server: This intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

In practice, many firewalls use two or more of these techniques in concert.
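The packet-filter weakness noted above can be seen in a small model. This is an added example, not part of the original essay: the rule set, the 10.0.0.0/8 internal network, the interface names and the sample packets are all constructed. It shows a first-match filter accepting a packet that merely claims an internal source address, and the same filter rejecting it once the source is checked against the arrival interface.

```python
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # constructed: the private network behind the filter
ANY = ip_network("0.0.0.0/0")

# User-defined rules, first match wins: (action, source network, destination port or None = any)
RULES = [
    ("accept", INTERNAL, 23),   # internal hosts may reach the Telnet server
    ("accept", ANY, 80),        # anyone may reach the web server
    ("reject", ANY, None),      # default: reject everything else
]

def filter_packet(pkt):
    """Plain packet filter: decides from header fields only, trusting the source address."""
    src = ip_address(pkt["src"])
    for action, net, port in RULES:
        if src in net and port in (None, pkt["dport"]):
            return action
    return "reject"

def filter_with_antispoof(pkt):
    """Same rules, after rejecting sources that cannot be genuine for the arrival interface."""
    claims_internal = ip_address(pkt["src"]) in INTERNAL
    if claims_internal != (pkt["iface"] == "internal"):
        return "reject"
    return filter_packet(pkt)

# Constructed sample packets (header fields only).
PACKETS = {
    "internal telnet": {"iface": "internal", "src": "10.1.2.3", "dport": 23},
    "external web": {"iface": "external", "src": "198.51.100.7", "dport": 80},
    "external telnet": {"iface": "external", "src": "198.51.100.7", "dport": 23},
    "spoofed telnet": {"iface": "external", "src": "10.1.2.3", "dport": 23},
}

def evaluate(decide):
    """Run every sample packet through a filter function and collect the decisions."""
    return {name: decide(pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    plain, strict = evaluate(filter_packet), evaluate(filter_with_antispoof)
    for name in PACKETS:
        print(f"{name:16} plain={plain[name]:7} antispoof={strict[name]}")
```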
A firewall is considered a first line of defense in file and network security. For greater security, data should be encrypted. (web)

Symmetric and asymmetric encryption

Symmetric encryption is a type of encryption where the same key is used to encrypt and decrypt the message. This differs from asymmetric encryption, which uses one key to encrypt a message and another to decrypt the message. These two keys are a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.
An important element of the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key. (web)

Secret and private key

In cryptography, a private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages. In traditional secret key cryptography, a key would be shared by the communicators so that each could encrypt and decrypt messages. The risk in this system is that if either party loses the key or it is stolen, the system is broken.
A more recent alternative is to use a combination of public and private keys. (web)

Digital certificate and PKI

A digital certificate is an attachment to an electronic message used for security purposes. The purpose is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information.

The CA makes its own public key readily available through print publicity or perhaps on the Internet. The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

PKI is the most widely used standard for digital certificates.
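The John and Jane exchange from the asymmetric encryption section and the certificate check described above, as one added example that is not part of the original essay. It uses textbook RSA with toy keys built from known Mersenne primes, and models the CA's role as a signature over the certificate contents, which is how certificates are validated in practice. The name Mallory and all key values are constructed for the demonstration.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: ((n, e) public, (n, d) private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # d is the inverse of e modulo phi(n)

def encrypt(public, message):
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(private, ciphertext):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def cert_digest(subject, public, modulus):
    """Hash of the identity and public key, reduced to fit the signing modulus."""
    data = f"{subject}|{public[0]}|{public[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue_certificate(ca_private, subject, public):
    """CA binds an identity to a public key by signing their digest with its private key."""
    n, d = ca_private
    return {"subject": subject, "public_key": public,
            "signature": pow(cert_digest(subject, public, n), d, n)}

def verify_certificate(ca_public, cert):
    """Anyone holding the CA's public key can check that the CA issued this binding."""
    n, e = ca_public
    return pow(cert["signature"], e, n) == cert_digest(cert["subject"], cert["public_key"], n)

# Toy keys from known Mersenne primes (constructed for the demo, far too weak for real use;
# real systems use a vetted library, random keys of 2048 bits or more, and OAEP/PSS padding).
CA_PUBLIC, CA_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)
JANE_PUBLIC, JANE_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
MALLORY_PUBLIC, _ = make_keypair(2**31 - 1, 2**61 - 1)  # hypothetical third party

JANE_CERT = issue_certificate(CA_PRIVATE, "Jane", JANE_PUBLIC)
FORGED_CERT = dict(JANE_CERT, public_key=MALLORY_PUBLIC)  # key swapped, signature reused

def john_sends(cert, message):
    """John encrypts only to a key whose certificate verifies against the CA's public key."""
    if not verify_certificate(CA_PUBLIC, cert):
        raise ValueError("certificate was not issued by the CA")
    return encrypt(cert["public_key"], message)
```

Knowing the two primes behind a modulus is enough to recompute the private exponent, which is why the difficulty of deducing the private key rests on the modulus being too large to factor.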
PKI, short for public key infrastructure, is a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. PKIs are currently evolving and there is no single PKI nor even a single agreed-upon standard for setting up a PKI. However, nearly everyone agrees that reliable PKIs are necessary before electronic commerce can become widespread. (web)

OSI Model

OSI, short for Open System Interconnection (pronounced as separate letters), is an ISO standard for worldwide communications that defines a networking framework for implementing protocols in several layers. Control is passed from one layer to the next, starting at the application layer in one station, and proceeding to the bottom layer, over the channel to the next station and back up the hierarchy. At one time, most vendors agreed to support OSI in one form or another, but OSI was too loosely defined and proprietary standards were too entrenched.
Most of the functionality in the OSI model exists in all communications systems, although two or three OSI layers may be incorporated into one. (web)

The OSI layers:

Application (Layer 7)
This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.

Presentation (Layer 6)
This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.

Session (Layer 5)
This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.

Transport (Layer 4)
This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

Network (Layer 3)
This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.

Data Link (Layer 2)
At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.
Physical (Layer 1)
This layer conveys the bit stream (electrical impulse, light or radio signal) through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS-232, and ATM are protocols with physical layer components. (web)

Threats and countermeasures at each level

Physical (Layer 1) & Data Link (Layer 2)
Attacks / Security Concerns:
o Sniffing
o Spoofing
o Private device connecting
o MAC Address Table Overload
Preventive Measures:
o Enforce physical security policies to limit access to the system's physical hardware (i.e., hubs and repeaters).
o Require frequent password changes and standards.

Network (Layer 3)
Attacks / Security Concerns:
o Route Spoofing
o Digital Snooping
o Worm
o Masquerade
Preventive Measures:
o Limit the use of automated services.
o Apply security patch upgrades.
o Set up multiple levels of access and use security privileges.
o Firewalls

Transport (Layer 4)
Attacks / Security Concerns:
o TCP Hijacking
o Blind Spoofing
o Sequential Scanning
o RPC (information gathering)
Preventive Measures:
o Password security and policies.
o Limit access to the passwords.

Session (Layer 5)
Attacks / Security Concerns:
o Blind Spoofing
o Worm
Preventive Measures:
o Password security and policies.
o Firewalls

Presentation (Layer 6)
Attacks / Security Concerns:
o Virus
o RPC (information gathering)
Preventive Measures:
o Encryption
o Password security and policies

Application (Layer 7)
Attacks / Security Concerns:
o RPC (information gathering)
o Spamming
o Virus
o Worm
o Dictionary Scanning
o Browsing
Preventive Measures:
o Encryption
o Limit connectivity and downloads
o Restrict software loads
o Enforce mandatory access controls.
o Firewalls
o Virus scanning software

(web)

Every person that has access to the system must keep in mind that security is everyone's problem. It all starts with the end users. Firewalls, security passwords, and the IT department can only do so much to secure a system.