Chapter 08

CS325

Published in: Education, Technology

Transcript

  • 1. Linux Networking and Security Chapter 8 Making Data Secure
  • 2. Making Data Secure
    • Explain commonly used cryptographic systems
    • Understand digital certificates and certificate authorities
    • Use the PGP and GPG data-encryption utilities
    • Describe different ways in which cryptography is applied to make computer systems more secure
  • 3. Cryptography and Computer Security
    • Computer security is about making certain that the only people accessing resources or data are those who should have access
    • Cryptography is the science of encoding data so that it cannot be read without special knowledge (a key) or tools; it is a key part of most network applications and is normally hidden from view
    • Network connections can be tapped so that transmitted data can be viewed, which is called sniffing the network; encryption leaves the sniffer with nothing but ciphertext
  • 4. Cryptography and Computer Security (figure slide, no transcript text)
  • 5. Basic Encoding Techniques
    • The process of cryptography is as follows:
      • Begin with the message to transmit - called the plaintext
      • Apply a technique or rule called a cipher to change the plaintext
      • The result is ciphertext, an encrypted message
    • The most elementary example of encryption is letter-substitution where a different letter of the alphabet is substituted for each letter in the message
  • 6. Key Systems
    • Rules, known as algorithms, define how letter-substitution converts plaintext to ciphertext
    • The strength of an algorithm is increased by using a key, a secret value that the algorithm needs in order to encrypt or decrypt a message correctly
    • Knowing the algorithm (the cipher) must not by itself let an eavesdropper read the message: good practice (Kerckhoffs's principle) assumes the attacker knows the cipher, so only the key must be kept secret
  • 7. DES
    • The Data Encryption Standard (DES) was developed in the 1970s (published as FIPS 46 in 1977) and is a block cipher that encrypts 64-bit blocks under a single 56-bit key
    • 56 bits provide for 2^56 (about 7.2 × 10^16) possible keys
    • By 1999 a DES key could be recovered by exhaustive search in under a day (about 22 hours with the EFF "Deep Crack" machine working with distributed.net); on today's commodity or rented hardware it is a matter of hours
    • DES has been withdrawn as a U.S. standard (NIST withdrew FIPS 46-3 in 2005) and must not be used for new systems; it lingered for years only because it had been so widely implemented and because, for a time, few attackers had the equipment to break a key
  • 8. Skipjack and Triple DES
    • There were several responses to the cracking of DES:
      • DES itself cannot simply be given a longer key: the 56-bit key size is fixed by the algorithm, so ciphers with longer keys were adopted instead
      • Creation of a new algorithm called Skipjack, which uses an 80-bit key (designed by the NSA for the Clipper chip and declassified in 1998)
      • Triple DES relies on DES, but applies it three times to each block (encrypt, decrypt, encrypt) with two or three independent keys, giving an effective strength of about 112 bits rather than the nominal 168
      • Advanced Encryption Standard (AES) uses 128-, 192- or 256-bit keys; a 256-bit key gives 2^256, roughly 10^77, possible keys. AES was published as FIPS 197 in November 2001 and became effective for U.S. government use in May 2002
  • 9. Symmetric and Asymmetric Encryption
    • Symmetric encryption algorithms
      • Use the same key and algorithm to encrypt and decrypt a message
      • The key is called a secret key (or shared key; some texts say private key), because both parties must hold it and it must be kept secret for the message to be secure. DES, Triple DES and AES are symmetric
    • Asymmetric (public-key) encryption algorithms
      • Use a pair of mathematically related keys: what one key encrypts, only the other can decrypt
      • The key you can reveal to everyone is called the public key; its partner, which you never reveal, is the private key. RSA is the best-known example
      • Public-key operations are far slower than symmetric ones, so in practice the public key protects a short symmetric session key and the session key protects the data
  • 10-13. Symmetric and Asymmetric Encryption (figure slides, no transcript text)
  • 14. Signatures and Certificates
    • Authentication is the process of proving that you are in fact the person (or system) you say you are
    • Signatures let you authenticate a public key
      • A digital signature is made with a private key and checked with the matching public key; you sign another person's public key with your own private key to attest that the key really belongs to that person (this is how trust is built in PGP's web of trust)
    • Certificates provide the same type of verification as signatures
      • A certificate is a signed data structure that binds a public key to the name of its owner (a person, host or organization); the signer is a certificate authority (CA) that vouches for the binding. Web browsers use the X.509 certificate format
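An added Python example, not from the chapter, that ties the symmetric, asymmetric and signature slides together in one flow: a symmetric cipher where one secret key both encrypts and decrypts, a public-key pair whose public half wraps that secret key for a recipient (the hybrid scheme PGP and TLS actually use), and a signature made with the private key and checked with the public key. The RSA here is textbook RSA over two fixed, published primes with no padding, and the stream cipher is a SHA-256 keystream with no integrity check; both are toys chosen so the block runs on the standard library alone, and the message is constructed.

```python
"""Symmetric vs. asymmetric encryption and signatures, in one flow.
Toy primitives so it runs on the standard library alone: textbook RSA with
two fixed, published primes (a ~44-bit modulus, no padding) and a SHA-256
keystream with no integrity check. Production code uses AES-GCM or
ChaCha20-Poly1305 and 2048-bit+ RSA or elliptic-curve keys."""
import hashlib
import secrets
from math import gcd


# ---- symmetric (secret-key): one key, the same function encrypts and decrypts
def keystream_xor(key: int, data: bytes) -> bytes:
    """XOR data with SHA-256(key || counter) blocks. Applying it twice with
    the same key restores the data: that is the whole of symmetric crypto."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key.to_bytes(8, "big") + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# ---- asymmetric (public-key): textbook RSA with fixed primes
P, Q = 1299709, 15485863                 # the 100,000th and 1,000,000th primes
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)                      # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def rsa_encrypt(m: int, pub) -> int:
    """Anyone holding the public key can do this..."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(c: int, priv) -> int:
    """...but only the private key undoes it."""
    n, d = priv
    return pow(c, d, n)


# ---- hybrid: public key wraps the session key, session key protects the data
def hybrid_encrypt(message: bytes, recipient_pub, session_key=None):
    if session_key is None:
        session_key = secrets.randbits(40)   # must stay below the toy modulus
    return rsa_encrypt(session_key, recipient_pub), keystream_xor(session_key, message)


def hybrid_decrypt(wrapped_key: int, ciphertext: bytes, recipient_priv) -> bytes:
    return keystream_xor(rsa_decrypt(wrapped_key, recipient_priv), ciphertext)


# ---- signatures: hash, then private-key operation; verify with the public key
def digest_int(message: bytes) -> int:
    """SHA-256 truncated to 40 bits so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest()[:5], "big")


def sign(message: bytes, priv) -> int:
    n, d = priv
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, pub) -> bool:
    """True only if the signer held the private key and the message is intact."""
    n, e = pub
    return pow(signature, e, n) == digest_int(message)


if __name__ == "__main__":
    msg = b"meet at dawn"                              # constructed message
    wrapped, ct = hybrid_encrypt(msg, PUBLIC_KEY)
    print(hybrid_decrypt(wrapped, ct, PRIVATE_KEY))
    sig = sign(msg, PRIVATE_KEY)
    print(verify(msg, sig, PUBLIC_KEY), verify(b"meet at noon", sig, PUBLIC_KEY))
```

Two things worth noticing: the sender never had to transmit the session key in the clear, which is the point of the summary's "no open exchange of a secret key"; and the signature is over a hash, so a one-character change to the message breaks verification even though the signature itself is untouched.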
  • 15-16. Signatures and Certificates (figure slides, no transcript text)
  • 17. Fingerprints
    • A fingerprint is a short, fixed-size number derived from a very lengthy public key
    • Fingerprints are created by hashing the public key: a hash function maps input of any length to a fixed-length digest, and a cryptographic hash must make it infeasible to find two inputs with the same digest (collision resistance) or to construct an input for a given digest (preimage resistance)
    • Two commonly used hashes:
      • Message digest hash (MD5) produces a 128-bit digest; collisions can now be generated in seconds, so it must not be used for fingerprints or signatures
      • Secure hash algorithm (SHA-1) produces a 160-bit digest; a practical collision was demonstrated in 2017, and SHA-256 (from the SHA-2 family) is the current choice
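Fingerprints in practice, as an added Python example that is not part of the chapter: hashlib shrinks a key blob of any length to a fixed digest whose sizes match the slide's 128 and 160 bits, and the OpenPGP v4 fingerprint construction from RFC 4880 (SHA-1 over 0x99, a two-byte length and the public-key packet body) yields the familiar 40-hex-digit fingerprint whose low 64 bits are the key ID. The key bytes are constructed, not a real key.

```python
"""Fingerprints: hash a long public key down to a short, fixed-size digest."""
import hashlib

# Constructed sample key material (NOT a real key). Real RSA/OpenPGP keys are
# hundreds of bytes; the digest size does not depend on the input size.
SAMPLE_KEY = bytes.fromhex("04" + "a1b2c3d4" * 64)


def digest_bits(algo: str) -> int:
    """Output size of a hash in bits: md5 -> 128, sha1 -> 160, sha256 -> 256."""
    return hashlib.new(algo).digest_size * 8


def fingerprint(key_bytes: bytes, algo: str = "sha256") -> str:
    """Colon-separated hex fingerprint, the layout ssh-keygen historically
    printed (gpg groups the hex digits in blocks of four instead)."""
    hexdigest = hashlib.new(algo, key_bytes).hexdigest()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def openpgp_v4_fingerprint(public_key_packet_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-octet body length, body."""
    prefix = b"\x99" + len(public_key_packet_body).to_bytes(2, "big")
    return hashlib.sha1(prefix + public_key_packet_body).hexdigest().upper()


def openpgp_key_id(public_key_packet_body: bytes) -> str:
    """The 64-bit key ID is the low-order 8 bytes of the v4 fingerprint."""
    return openpgp_v4_fingerprint(public_key_packet_body)[-16:]


def bits_differing(a: bytes, b: bytes, algo: str = "sha256") -> int:
    """Hamming distance between two digests. Flipping one input bit changes
    about half the output bits (avalanche), so a forged key cannot be made
    to share even the first few groups of a genuine fingerprint by luck."""
    ha = int.from_bytes(hashlib.new(algo, a).digest(), "big")
    hb = int.from_bytes(hashlib.new(algo, b).digest(), "big")
    return bin(ha ^ hb).count("1")


if __name__ == "__main__":
    print(fingerprint(SAMPLE_KEY))
    print(openpgp_v4_fingerprint(SAMPLE_KEY), openpgp_key_id(SAMPLE_KEY))
    tampered = bytes([SAMPLE_KEY[0] ^ 0x01]) + SAMPLE_KEY[1:]
    print(bits_differing(SAMPLE_KEY, tampered))
```

When verifying a key in person, compare the full fingerprint, not the key ID: 64 bits is short enough that colliding key IDs have been generated deliberately, whereas a full SHA-256 fingerprint is not forgeable in practice.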
  • 18. Using Cryptography in a Browser
    • Whenever you visit a Web page that was transmitted to your computer using encryption, the browser shows a small padlock (older browsers placed it in the lower-left corner of the window; current ones put it beside the address bar)
    • Most encrypted Web pages, such as order-entry screens, shopping carts and similar data, appear with a URL that starts with https
    • The encrypted protocol for Web pages is Secure Sockets Layer (SSL), now superseded by its successor Transport Layer Security (TLS); every SSL version is deprecated, and a modern server should offer only TLS 1.2 and 1.3
  • 19-22. Using Cryptography in a Browser (figure slides, no transcript text)
  • 23. Kerberos Authentication
    • Kerberos authentication is a special kind of authentication for organizational networks: a user logs in once and receives tickets that admit them to individual services
    • Kerberos was developed at MIT and is widely used around the world (it is the basis of Windows Active Directory authentication)
    • Kerberos secures a network by providing a system that makes users prove who they are to a trusted Key Distribution Center (KDC) before they can use a service, and also makes services prove who they are to users (mutual authentication)
    • The core protocol (RFC 4120) uses only symmetric ciphers: the KDC shares a long-term key with every user and service and issues short-lived session keys inside tickets. Public-key cryptography enters only through the optional PKINIT extension (RFC 4556), which lets a user log in with a certificate instead of a password
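The exchange the slide describes, as an added Python model that is not part of the chapter and is not real Kerberos code: a KDC that shares a long-term key with each principal, an AS exchange that yields a ticket-granting ticket (TGT), a TGS exchange that yields a service ticket, and an AP exchange in which the service proves itself back to the client. Everything is symmetric, as in RFC 4120. The seal/unseal helper (an HMAC-SHA256 keystream plus tag under a random nonce) stands in for Kerberos's AES encryption types, the key derivation stands in for string-to-key, and the realm, principal names and passwords are constructed. Clock skew and ticket lifetimes are checked, so a stale or replayed authenticator fails.

```python
"""Toy Kerberos: AS, TGS and AP exchanges using only symmetric keys."""
import hashlib
import hmac
import json
import os

SKEW = 300            # seconds of clock skew tolerated for authenticators
TGT_LIFE = 8 * 3600   # ticket-granting ticket lifetime
SVC_LIFE = 3600       # service ticket lifetime


def derive_key(password: str, realm: str, principal: str) -> bytes:
    """Stand-in for Kerberos string-to-key: password salted with realm+principal."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + principal).encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(length // 32 + 1))[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON message as nonce || body || tag.
    Stand-in for a Kerberos enctype: only a holder of `key` can open it."""
    plain = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, "sha256").digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))


def _check_authenticator(auth: dict, ticket: dict, now: int) -> None:
    """The authenticator must name the ticket's client and be fresh."""
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator/ticket client mismatch")
    if abs(now - auth["timestamp"]) > SKEW:
        raise ValueError("authenticator outside clock-skew window")
    if now > ticket["expires"]:
        raise ValueError("ticket expired")


class KDC:
    """Key Distribution Center: holds every principal's long-term key."""

    def __init__(self, realm: str):
        self.realm, self.keys = realm, {}

    def add_principal(self, name: str, password: str) -> None:
        self.keys[name] = derive_key(password, self.realm, name)

    def as_exchange(self, client: str, now: int):
        """AS-REQ/REP: the session key goes back twice, once under the client's
        long-term key and once inside the TGT under krbtgt's key. The KDC never
        sees the password; a wrong password simply cannot open the reply."""
        session = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": session, "expires": now + TGT_LIFE})
        return seal(self.keys[client], {"key": session}), tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        """TGS-REQ/REP: prove possession of the TGT session key, get a service ticket."""
        t = unseal(self.keys["krbtgt"], tgt)
        _check_authenticator(unseal(bytes.fromhex(t["key"]), authenticator), t, now)
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "key": svc_session, "expires": now + SVC_LIFE})
        return seal(bytes.fromhex(t["key"]), {"key": svc_session}), ticket


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes, now: int) -> bytes:
    """AP-REQ/REP at the service (which holds its own key in a keytab): open the
    ticket, check the authenticator, and answer under the session key so the
    client learns the service is genuine (mutual authentication)."""
    t = unseal(service_key, ticket)
    auth = unseal(bytes.fromhex(t["key"]), authenticator)
    _check_authenticator(auth, t, now)
    return seal(bytes.fromhex(t["key"]), {"timestamp": auth["timestamp"]})


def client_login(kdc: KDC, name: str, password: str, service: str, now: int) -> bool:
    """Full client flow; True when the service authenticated itself back."""
    long_term = derive_key(password, kdc.realm, name)
    enc, tgt = kdc.as_exchange(name, now)
    tgs_key = bytes.fromhex(unseal(long_term, enc)["key"])   # ValueError if password wrong
    enc2, ticket = kdc.tgs_exchange(tgt, seal(tgs_key, {"client": name, "timestamp": now}), service, now)
    svc_key = bytes.fromhex(unseal(tgs_key, enc2)["key"])
    ap_rep = service_accept(kdc.keys[service], ticket, seal(svc_key, {"client": name, "timestamp": now}), now)
    return unseal(svc_key, ap_rep)["timestamp"] == now
```

To run it, create a KDC for a realm, add a krbtgt principal, a user and a service, and call client_login with the user's password; a wrong password raises at the AS reply, and an authenticator more than SKEW seconds old is refused by the TGS and by the service. This is also why Kerberos deployments insist on synchronized clocks.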
  • 24-26. Kerberos Authentication (figure slides, no transcript text)
  • 27. Using Encryption Utilities
    • Pretty Good Privacy (PGP) was the first widely available utility to bring public-key encryption to ordinary users
    • Although some Linux distributions formerly shipped PGP, it has been replaced with GPG
    • GNU Privacy Guard (GPG) is a free public-key encryption utility that implements the OpenPGP standard (RFC 4880) and uses only unpatented algorithms
      • GPG operates from the command line (the gpg program), but there are graphical front ends to make it easier to use
  • 28-29. Using Encryption Utilities (figure slides, no transcript text)
  • 30. Other Security Applications
    • RPM package security: rpm --checksig (rpm -K) verifies the public-key signature on a package against the vendor keys imported with rpm --import, confirming that the package came from its stated creator and was not altered in transit
    • Cryptographic File System (CFS) encrypts files in user-attached directories; a user must supply the passphrase to attach an encrypted directory before its contents can be used or shared across the network
    • Transparent Cryptographic File System (TCFS) provides the same protection but operates transparently to users
    • IPsec and CIPE (Crypto IP Encapsulation) provide for IP packet encryption
  • 31. Secure Shell
    • Secure Shell (SSH) is an encrypted replacement for Telnet (and for rlogin and rsh) that provides secure remote access; the server is authenticated by its host key and the user by a password or a public key
      • SSH allows other protocols to ride on top of it through port forwarding (ssh -L, -R and -D), and carries file transfer as scp and sftp
    • A Virtual Private Network (VPN) is a secure organizational network that uses an insecure public network (the Internet) for communications
      • VPNs are usually built with specially designed software that integrates networking functions with cryptographic protocols (IPsec or TLS based) and system management software
  • 32. Virtual Private Networks (figure slide, no transcript text)
  • 33. Chapter Summary
    • Cryptography is the science of encoding data, typically using a key, so that people without the key cannot read the data
    • Cryptography protects computer networks against sniffers, programs that allow crackers to see data passing along a network
    • Many different algorithms are used to encrypt data and they are either symmetric or asymmetric
    • DES was a popular standard algorithm for years, until Triple DES and AES began to replace it
  • 34. Chapter Summary
    • Public-key encryption does not require that you openly exchange a secret key with the recipient of an encrypted message: you encrypt with the recipient's public key, and only the recipient's private key can decrypt
    • RSA is the most familiar public-key algorithm
    • A signature on a document shows that it was produced by the holder of the signing private key and that the document has not been altered since it was signed
    • Certificates are issued and signed by certificate authorities such as VeriSign (whose certificate business now belongs to DigiCert) to vouch for the identity of the organization holding the certificate
  • 35. Chapter Summary
    • A hash is a mathematical function that creates a small, fixed-size number from input of any length and is used to create a fingerprint
    • Browsers such as Netscape and Mozilla use cryptography via the Secure Sockets Layer (SSL) protocol, today its successor TLS, to allow secure e-commerce transactions
    • Kerberos provides a network-wide user and service authentication scheme to limit network access to authorized users
    • PGP was the first freely available public-key encryption software; the OpenPGP standard that grew out of it is what GPG implements
  • 36. Chapter Summary
    • The GNU Privacy Guard (GPG) is a free public-key encryption utility that lets you manage keys and encrypt, sign and decrypt documents
    • Keys should be signed only when the identity of the person providing the key has been ascertained with certainty, for example by comparing the key's full fingerprint in person
    • The rpm utility (rpm --checksig) can check the public-key signature on any package to verify that it came from the person or organization that claims to have created it
  • 37. Chapter Summary
    • Other security tools built on the same cryptographic principles as GPG include IPsec, CIPE, CFS and TCFS
    • The Secure Shell (SSH) provides encrypted remote access via a utility that functions like Telnet. SSH also lets other protocols be tunnelled through it to create secure connections for many purposes
