Linux Networking and Security Chapter 8 Making Data Secure

Chapter 08

CS325

Published in: Education, Technology


  1. 1. Linux Networking and Security Chapter 8 Making Data Secure
  2. 2. Making Data Secure <ul><li>Explain commonly used cryptographic systems </li></ul><ul><li>Understand digital certificates and certificate authorities </li></ul><ul><li>Use the PGP and GPG data-encryption utilities </li></ul><ul><li>Describe different ways in which cryptography is applied to make computer systems more secure </li></ul>
  3. 3. Cryptography and Computer Security <ul><li>Computer security is about making certain that the only people accessing resources or data are those who should have access </li></ul><ul><li>Cryptography is the science of encoding data so that it cannot be read without special knowledge or tools; it is a key part of network applications and normally hidden from view </li></ul><ul><li>Network connections can be tapped to allow viewing of transmitted data, which is called sniffing the network; encryption can block this </li></ul>
  4. 4. Cryptography and Computer Security
  5. 5. Basic Encoding Techniques <ul><li>The process of cryptography is as follows: </li></ul><ul><ul><li>Begin with the message to transmit - called the plaintext </li></ul></ul><ul><ul><li>Apply a technique or rule called a cipher to change the plaintext </li></ul></ul><ul><ul><li>The result is ciphertext, an encrypted message </li></ul></ul><ul><li>The most elementary example of encryption is letter-substitution where a different letter of the alphabet is substituted for each letter in the message </li></ul>
  6. 6. Key Systems <ul><li>Rules, known as algorithms, allow letter-substitution to convert plaintext to ciphertext </li></ul><ul><li>The level of complexity of an algorithm can be increased by using a key, a code necessary to encrypt or decrypt a message correctly using the algorithm </li></ul><ul><li>Knowing the algorithm (the cipher) should not enable readability; good security assumes an eavesdropper knows the cipher, but the key must be kept secret </li></ul>
  7. 7. DES <ul><li>The Data Encryption Standard (DES) was developed in the 1970s and uses a 56-bit key to encrypt data using various algorithms </li></ul><ul><li>56 bits provide for 2<sup>56</sup> possible keys </li></ul><ul><li>It now takes 20 hours to break a DES key </li></ul><ul><li>DES is being phased out, but it is still widely used since relatively few people have the equipment to break the key, 20 hours is still a relatively long time in the Internet age, and it was a widely implemented U.S. standard </li></ul>
  8. 8. Skipjack and Triple DES <ul><li>There were several responses to the cracking of DES: </li></ul><ul><ul><li>DES keys were increased to 1024 bits </li></ul></ul><ul><ul><li>Creation of a new algorithm called Skipjack, which uses an 80-bit key </li></ul></ul><ul><ul><li>Triple DES relies on DES, but encodes each message three times using three different keys </li></ul></ul><ul><ul><li>Advanced Encryption Standard (AES) can provide roughly 10<sup>77</sup> possible keys, and was approved for use by U.S. government agencies in May 2002 </li></ul></ul>
  9. 9. Symmetric and Asymmetric Encryption <ul><li>Symmetric encryption algorithms </li></ul><ul><ul><li>Use the same key and algorithm to encrypt and decrypt a message </li></ul></ul><ul><ul><li>The key used is called a private key, because it must be kept secret for the message to be secure </li></ul></ul><ul><li>Asymmetric encryption algorithms </li></ul><ul><ul><li>Use one key to encrypt and another to decrypt </li></ul></ul><ul><ul><li>The key you can reveal to everyone is called a public key </li></ul></ul>
  10. 10. Symmetric and Asymmetric Encryption
  11. 11. Symmetric and Asymmetric Encryption
  12. 12. Symmetric and Asymmetric Encryption
  13. 13. Symmetric and Asymmetric Encryption
  14. 14. Signatures and Certificates <ul><li>Authentication is the process of proving that you are in fact the person you say you are </li></ul><ul><li>Signatures let you authenticate a public key </li></ul><ul><ul><li>You sign another person’s public key with your own private key to verify that the key really belongs to that person </li></ul></ul><ul><li>Certificates provide the same type of verification as signatures </li></ul><ul><ul><li>A certificate is a numeric code that is used to identify an organization </li></ul></ul>
  15. 15. Signatures and Certificates
  16. 16. Signatures and Certificates
  17. 17. Fingerprints <ul><li>A fingerprint is a smaller number that is derived from a very lengthy public key </li></ul><ul><li>Fingerprints are created by hashing the public key, a process by which a mathematical function is used that converts larger numbers into smaller numbers </li></ul><ul><li>Two commonly used hashes: </li></ul><ul><ul><li>Message digest hash (MD5) provides 128 bits </li></ul></ul><ul><ul><li>Secure hash algorithm (SHA-1) provides 160 bits </li></ul></ul>
  18. 18. Using Cryptography in a Browser <ul><li>Whenever you visit a Web page that has been transmitted to your computer using encryption, you see a small lock or key in the lower left corner of the browser window </li></ul><ul><li>Most encrypted Web pages, such as order-entry screens, shopping carts, and similar data, appear with a URL that starts with https </li></ul><ul><li>The encrypted protocol for Web pages is Secure Sockets Layer (SSL) </li></ul>
  19. 19. Using Cryptography in a Browser
  20. 20. Using Cryptography in a Browser
  21. 21. Using Cryptography in a Browser
  22. 22. Using Cryptography in a Browser
  23. 23. Kerberos Authentication <ul><li>Kerberos authentication is a special kind of authentication for organizational networks </li></ul><ul><li>Kerberos was developed at MIT and is widely used around the world </li></ul><ul><li>Kerberos secures a network by providing a system that makes users prove who they are before they can use a service and also makes services prove who they are </li></ul><ul><li>It uses both public-key cryptography and a symmetric cipher </li></ul>
  24. 24. Kerberos Authentication
  25. 25. Kerberos Authentication
  26. 26. Kerberos Authentication
  27. 27. Using Encryption Utilities <ul><li>Pretty Good Privacy (PGP) is the first utility to provide public-key encryption to all </li></ul><ul><li>Although PGP software was formerly included in Linux, it has been replaced with GPG </li></ul><ul><li>GNU Privacy Guard (GPG) is a public-key encryption utility and uses non-patented algorithms </li></ul><ul><ul><li>GPG operates from the command line, but there are graphical utilities to make it easier to use </li></ul></ul>
  28. 28. Using Encryption Utilities
  29. 29. Using Encryption Utilities
  30. 30. Other Security Applications <ul><li>RPM security can check a public-key signature on any package to verify that it came from its stated creator </li></ul><ul><li>Cryptographic File System (CFS) enforces cryptographic authentication on all users who want to share files across the network </li></ul><ul><li>Transparent Cryptographic File System (TCFS) operates transparently to users </li></ul><ul><li>IPsec and CIPE provide for IP packet encryption </li></ul>
  31. 31. Secure Shell <ul><li>Secure Shell (SSH) is an encrypted version of Telnet, which provides secure remote access </li></ul><ul><ul><li>SSH allows other protocols to ride on top of it </li></ul></ul><ul><li>A Virtual Private Network (VPN) is a secure organizational network that uses an insecure public network (Internet) for communications </li></ul><ul><ul><li>VPNs are often created with the aid of specially designed software that integrates many networking functions with cryptographic protocols and system management software </li></ul></ul>
  32. 32. Virtual Private Networks
  33. 33. Chapter Summary <ul><li>Cryptography is the science of encoding data, typically using a key, so that people without the key cannot read the data </li></ul><ul><li>Cryptography protects computer networks against sniffers, programs that allow crackers to see data passing along a network </li></ul><ul><li>Many different algorithms are used to encrypt data and they are either symmetric or asymmetric </li></ul><ul><li>DES was a popular standard algorithm for years, until Triple DES and AES began to replace it </li></ul>
  34. 34. Chapter Summary <ul><li>Public-key encryption does not require that you openly exchange a secret key with the recipient of an encrypted message </li></ul><ul><li>RSA is the most familiar public-key algorithm </li></ul><ul><li>Signatures on a document show that the sender is the only one who could have sent the document </li></ul><ul><li>Certificates are issued and signed by certificate authorities such as VeriSign to vouch for the identity of the organization holding the certificate </li></ul>
  35. 35. Chapter Summary <ul><li>A hash is a mathematical function that creates a small number from a very large number and it is used to create a fingerprint </li></ul><ul><li>Browsers such as Netscape and Mozilla use cryptography via the Secure Sockets Layer (SSL) protocol to allow secure e-commerce transactions </li></ul><ul><li>Kerberos provides a network-wide user and service authentication scheme to limit network access to authorized users </li></ul><ul><li>PGP was the first freely available public-key encryption software and remains an industry standard on which GPG is based </li></ul>
  36. 36. Chapter Summary <ul><li>The GNU Privacy Guard (GPG) is a free public-key encryption utility that lets you manage keys and encrypt, sign and decrypt documents </li></ul><ul><li>Keys should be signed only when the identity of the person providing the key has been ascertained with certainty </li></ul><ul><li>The rpm utility can check a public-key signature on any package to verify that it came from the person or organization that claims to have created it </li></ul>
  37. 37. Chapter Summary <ul><li>Other security protocols built on the same principles of cryptography as GPG include IPsec, CIPE, CFS and TCFS </li></ul><ul><li>The Secure Shell (SSH) provides encrypted remote access via a utility that functions like Telnet. SSH also lets other protocols work with it to create secure connections for many purposes </li></ul>
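
The Fingerprints slide (17), worked through as an added example that is not part of the original deck: it derives the 160-bit SHA-1 and legacy 128-bit MD5 fingerprints of an OpenPGP RSA public key as defined in RFC 4880, then checks a received key against a fingerprint obtained out of band. The toy key values and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

def raw(value: int) -> bytes:
    """Big-endian bytes of an integer with no leading zero octets."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then the bytes."""
    return struct.pack(">H", value.bit_length()) + raw(value)

def v4_public_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a version 4 RSA public-key packet (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> bytes:
    """160 bits: SHA-1 over 0x99, the 2-byte body length, and the body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def v3_fingerprint(n: int, e: int) -> bytes:
    """128 bits: legacy version 3 fingerprint, MD5 over the bytes of n and e."""
    return hashlib.md5(raw(n) + raw(e)).digest()

def display(fp: bytes) -> str:
    """Group the hex digits in fours, the form people compare by eye."""
    h = fp.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))

def matches(body: bytes, trusted: str) -> bool:
    """True if the received key hashes to the out-of-band fingerprint."""
    want = "".join(trusted.split()).lower().encode()
    return hmac.compare_digest(v4_fingerprint(body).hex().encode(), want)

# Constructed sample values: a 128-bit stand-in "modulus", not a real RSA key.
N = 0xD3C1F5A7B9E2468ACE13579BDF02468B
E = 65537
CREATED = 1000000000  # constructed creation timestamp
BODY = v4_public_key_body(N, E, CREATED)

if __name__ == "__main__":
    trusted = display(v4_fingerprint(BODY))  # what the key owner reads out
    print("SHA-1 fingerprint:", trusted)
    print("MD5 fingerprint:  ", display(v3_fingerprint(N, E)))
    print("genuine key matches:", matches(BODY, trusted))
    tampered = v4_public_key_body(N ^ 2, E, CREATED)  # one bit flipped
    print("tampered key matches:", matches(tampered, trusted))
```

A single flipped bit in the key material produces an unrelated fingerprint, which is why comparing the short fingerprint over a separate channel is enough to detect a substituted key.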
