CHAPTER I: NETWORK SECURITY
With the spread of hackers and hacking incidents, the time has come when not only the system administrators of big companies' servers, but also people who connect to the Internet by dialing up to their ISP, have to worry about securing their systems. It makes little difference whether you have a static IP or a dynamic one: if your system is connected to the Internet or to an Ethernet network, there is every chance of it being attacked.
The challenge of operating a secure web site is very real. The 1999 Information Security Industry Survey conducted by ICSA reports that the number of companies attacked by hackers jumped 92 percent from 1997 to 1998. The losses from security breaches averaged US$256,000, for a total of more than US$23 million across the 91 businesses surveyed. CERT, which monitors reports of computer network security breaches from around the world, has registered a steep rise in the number of reported incidents in the past few years (see chart below).
The current mainstay for securing web transactions is the Secure Socket Layer, or SSL, developed by Netscape and embedded in standard browsers. The SSL security protocol is used to create a secure session between a user and a web server using digital certificates. SSL provides for the encryption of data transmitted between client and server, allows for server authentication, ensures the integrity of messages, and can also provide for client authentication. It is very likely that the browser you are using provides SSL security when needed. The cryptographic strength (that is, how secure it is) depends on the length of the key used.
SSL uses public key cryptography to send data between client and web server during a secure session. Public key cryptography is based on a pair of asymmetric keys used for encryption and decryption. Each key pair has a public key and a private key. The public key is just that -- made publicly available on a key server. The owner keeps the private key secret. Data encrypted with the public key can be decrypted only with the private key. Conversely, data encrypted with the private key can be decrypted only with the public key.
The asymmetric nature of public key cryptography makes it a valuable encryption tool for messaging on the web because it means the two parties (sender and receiver) do not need to share a single key. When you encrypt a message with your private key, a recipient who uses your public key to decrypt it will know that it is in fact from you. When someone uses your public key to encrypt a message to you, they will know that only you (as the holder of the private key) will be able to decrypt and read it.
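The two uses of a key pair described above, worked through as an added example (not part of the original chapter). It uses textbook RSA without padding, for illustration only, and the primes, messages and function names are constructed for this example.

```python
import hashlib

# Constructed toy primes (Mersenne primes 2^61-1 and 2^89-1), chosen so the
# numbers stay readable. Real keys use random primes of 1024+ bits each.
P, Q = 2**61 - 1, 2**89 - 1

def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)

def encrypt(public, message: bytes) -> int:
    """Anyone holding the public key can produce a ciphertext."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:                   # key length bounds what one block can carry
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(key, ciphertext: int) -> bytes:
    """Only the matching private key recovers the plaintext."""
    n, d = key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced to fit the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message: bytes) -> int:
    """Private-key operation on the digest: proves who sent the message."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(public, message: bytes, signature: int) -> bool:
    """Public-key operation: accepts only an unmodified message from the owner."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    c = encrypt(public, b"card ending 4242")
    print(decrypt(private, c))                      # original plaintext
    sig = sign(private, b"ship 10 units")
    print(verify(public, b"ship 10 units", sig))    # genuine message
    print(verify(public, b"ship 99 units", sig))    # altered in transit
```

Production systems add padding (OAEP for encryption, PSS for signatures) and much longer keys; the key relationships are the same.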
1.2 Security of the "Networks"
1.2.1 Basic Security Concepts
Three basic security concepts important to information on the Internet are confidentiality, integrity, and availability. Concepts relating to the people who use that information are authentication,...