The Net is rife with risks. Hackers, crackers, saboteurs and other unsavory characters abound, eagerly attacking the Net and its users at every opportunity. The risks include system intrusion, unauthorized data access, system sabotage, planting of viruses, theft of data, theft of credit card numbers, and theft of passwords. While the Internet and WWW can't be blamed for the concepts and practice of mischief, fraud, theft, and other socially unacceptable forms of behavior, they certainly provide another high-tech cyberalley on the Information Superhighway. As noted by Panchatantra in the fifth century B.C.: "Not a cow, nor a gift of land, nor yet a gift of food, is so important as the gift of safety, which is declared to be the great gift among all gifts in this world."
CERT (Computer Emergency Response Team) at Carnegie-Mellon University comprises a group of experts who are responsible for overseeing security issues on the Net. While it is highly doubtful that a single security measure or standard will prevail in the near or distant future, there exist a number of options, including message encryption, authentication, and authorization. Firewalls, incorporating much of the above, recently have gained the spotlight as a defense mechanism.
Encryption
Encryption involves scrambling and compressing the data prior to transmission. The receiving device will be provided with the necessary logic in the form of a key to decrypt the transmitted information. Encryption logic generally resides in firmware included in standalone devices, although it can be built into virtually any device. For instance, such logic now is being incorporated into routers, which can encrypt/decrypt data on a packet-by-packet basis. Encryption comes in two basic flavors: private key and public key.
Private key encryption, also known as single-key or secret-key encryption, requires that the key be kept secret.
Public key encryption involves the RSA encryption (encoding) key that can be used by all authorized network users; the key for decoding is kept secret. Public key encryption is freely available on the Net via a program known as PGP (Pretty Good Privacy), developed by Philip Zimmermann. PGP was under a cloud for some time, as there was concern that it was so powerful as to be in violation of U.S. technology export laws. By the way, encryption technology technically is classified under U.S. law as a form of munitions. The commercial version of PGP is known as ViaCrypt PGP, offering an improved user interface.
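The split between a shared encoding key and a secret decoding key can be seen in a few lines of textbook RSA. This is an added illustration, not material from the original text: the primes, function names and sample message are constructed, and unpadded RSA at this size is for teaching only, not for protecting data.

```python
from math import gcd

# Constructed parameters: two known Mersenne primes, far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1

def make_keypair(p, q, e=65537):
    """Return (public, private): the encoding key anyone may hold and the
    decoding key that only the recipient keeps."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (n, e), (n, d)

def encode(public_key, message: bytes) -> int:
    """Encrypt with the public (encoding) key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decode(key, ciphertext: int) -> bytes:
    """Apply a key's exponent to the ciphertext and return the bytes."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    secret = b"PIN 4821"                      # constructed sample message
    c = encode(public, secret)
    print("ciphertext:", hex(c))
    print("with private key:", decode(private, c))
    # Holding only the public key does not recover the message.
    print("with public key :", decode(public, c))
```

Real deployments add randomized padding and much larger moduli; the point here is only that the key used to encode does not decode.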
Data Encryption Standards
Data encryption standards include DPF (Data Private Facility), DES, RSA and Clipper. DES (Data Encryption Standard), which uses a challenge-response approach and intelligent tokens, was formulated by the U.S. National Bureau of Standards. RSA, named after its developers, Rivest, Shamir and Adleman, is the standard for public key encryption. Clipper, an encryption standard developed by the U.S. government, uses escrowed keys to permit government deciphering through a back door. Clipper, which is non-exportable, is used extensively by the U.S. government and those who wish to do business with it. Encryption programs used on the Net include SSL, S-HTTP, and combinations of them.
Authentication
Authentication provides a means by which network managers can authenticate the identity of those attempting access to computing resources and the data they house. Authentication consists of Password Protection and Intelligent Tokens.