
Encryption

Public-Key Encryption. Public-key encryption is the most popular form of encryption, largely because of the program PGP. PGP was created by Philip Zimmermann, uses the Rivest-Shamir-Adleman (RSA) algorithm to encrypt messages, and is freely available on various Internet sites.

The basic premise of public-key encryption is that each user creates two unique keys: a private key that the user keeps and a public key that the user gives to others. The user obtains the public keys of the intended recipients of a message and uses them to encrypt a file that only those recipients can decrypt. Most users also sign their files with a unique signature (i.e., a block of characters) that receivers can verify by applying the sender’s public key to the message.

Private-Key Encryption. Private-key encryption is less popular but is considered robust. The main advantage of this form of encryption is that it lets users exchange their keys more securely than public-key techniques can. The most popular private-key encryption software is MIT’s Kerberos.

Hardware-Embedded Techniques. Some companies are moving toward encryption techniques embedded in hardware. PCMCIA cards can be manufactured with the capability to provide secrecy and authentication for the user. This technology is still in its early stages, so its usability and acceptance are uncertain.

Authentication

Various techniques, some of which have no cost and others that are encryption-based, are available to verify the identity of a sender and the authenticity of a message. Authentication becomes increasingly important for ensuring that individuals ordering products over the Web are who they claim to be. Some authentication methods include:

  Stipulating that a sender sign a message by citing something only the receiver and the sender would know (e.g., a discussion the sender and the recipient had the day before, a pet name, a favorite color). Obviously, this method works only when the sender and the receiver know one another.
  Using a three-way handshake (i.e., sending a first message, having the receiver send a reply, and finally sending the actual communication).
  Using a program that creates a unique digital signature for the user. Many encryption techniques have the capability to create such signatures.
  Embedding a time stamp into an E-mail document. This method is used primarily to verify when a document was mailed for legal suits and contract issues.
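The public-key exchange described above, together with the signature and time-stamp methods in the list, as an added example that is not part of the original text: a textbook RSA key pair is built from two primes, a message is encrypted to the recipient's public key, and the sender signs the ciphertext plus a time stamp with the private key so that anyone holding the sender's public key can verify it. The primes, the message, and the time stamp are constructed values; the example omits padding and uses keys far too small for real use.

```python
# Added example: textbook RSA encrypt/decrypt and sign/verify with a time stamp.
# Primes are constructed and tiny so the arithmetic is inspectable; real keys are
# thousands of bits long and use padding, which this illustration omits.
from dataclasses import dataclass
from hashlib import sha256
from math import gcd


@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus, part of both the public and the private key
    e: int  # public exponent (given to others)
    d: int  # private exponent (kept by the user)


def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Build an RSA key pair from two primes; d is the inverse of e mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with phi(n)"
    return KeyPair(n, e, pow(e, -1, phi))


def encrypt(m: int, recipient: KeyPair) -> int:
    """Encrypt with the recipient's PUBLIC key; only the holder of d can reverse it."""
    assert 0 <= m < recipient.n, "message must be smaller than the modulus"
    return pow(m, recipient.e, recipient.n)


def decrypt(c: int, recipient: KeyPair) -> int:
    """Decrypt with the recipient's PRIVATE exponent."""
    return pow(c, recipient.d, recipient.n)


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(sha256(message).digest(), "big") % n


def sign(message: bytes, sender: KeyPair) -> int:
    """Sign a digest of the message with the sender's PRIVATE key."""
    return pow(_digest(message, sender.n), sender.d, sender.n)


def verify(message: bytes, sig: int, sender: KeyPair) -> bool:
    """Anyone holding the sender's public key can check the signature."""
    return pow(sig, sender.e, sender.n) == _digest(message, sender.n)


def exchange(plaintext: int, sender: KeyPair, recipient: KeyPair, stamp: int):
    """Encrypt to the recipient, then sign ciphertext plus time stamp as the sender."""
    c = encrypt(plaintext, recipient)
    return c, stamp, sign(f"{c}:{stamp}".encode(), sender)
```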

FIREWALLS

Firewalls are the dominant technology used to protect corporate networks from hackers. A firewall is a piece of software that lies between a company’s internal network and the Internet and forms a barrier to prevent hackers from gaining access. Drawing from the analogy of home design, the designer needs to decide where to put windows and reinforced doors in the walls of a house. If a company creates a firewall without any windows, people inside the company cannot see out into the Internet and use many of its services. Thus firewall planning involves a tradeoff between user flexibility and the level of security provided for the internal network. Although no firewall is perfect in this attempt, many come close.

Once a corporation decides to put in a firewall, security personnel need to program the firewall to support the organization’s security needs. A firewall can be restrictive or flexible depending on the company’s goals. For instance, specific services, such as FTP, which is one of the most common ways for a hacker to break into a server, can be limited to reduce the probability of break-ins.

The primary purpose of a firewall is to look at every piece of information that is sent either into or out of the internal network. Firewalls act on a message on the basis of user identification, point of origin, file, or other codes or actions. There are four basic actions a firewall can take when it looks at a piece of information:

  The packet of information can be dropped entirely.
  An alert can be issued to the network administrator.
  A message can be returned to the sender after a failed attempt to send the packet through.
  The action can just be logged.

Several different types of firewalls protect the internal network at different network layers. The two most common types of firewalls are router-based IP level firewalls and host-based application-level firewalls.

Router-Based IP-Level Firewalls

The router-based firewall focuses on packets, the basic unit of communication within TCP/IP, the most commonly used protocol for Internet communications. Router-based firewalls control traffic at the IP level going into or coming out of the internal network, blocking or passing data packets depending on the packet’s header. They examine the network application service requested (e.g., FTP, Telnet), the protocol type (e.g., TCP, UDP, ICMP), and the source and destination address of each packet that arrives at the firewall. The network administrator configures the packet-filtering firewall to accept or reject packets according to a list of acceptable hosts, routes, or services.
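A packet filter of the kind just described, as an added example rather than code from the text: each rule names a protocol, source and destination networks, and a service, and the first matching rule decides among the four actions listed earlier (drop, alert, reject with a message to the sender, or plain logging of an accept). The internal network 10.1.0.0/16, the service table, and the sample packets are constructed.

```python
# Added example: a first-match, default-deny packet filter over packet headers.
# Networks, rules and packets are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

SERVICE_PORTS = {"ftp": 21, "telnet": 23, "smtp": 25}  # well-known ports


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # destination port (0 for ICMP)


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept", "drop", "reject" or "alert"
    proto: Optional[str] = None  # None matches any protocol
    src: str = "0.0.0.0/0"       # acceptable source network
    dst: str = "0.0.0.0/0"       # acceptable destination network
    service: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto and self.proto != pkt.proto:
            return False
        if self.service and SERVICE_PORTS.get(self.service) != pkt.dport:
            return False
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst))


def filter_packet(pkt: Packet, rules: List[Rule], log: List[str]) -> str:
    """Apply the first matching rule and log the decision; unmatched packets are dropped."""
    desc = f"{pkt.src}->{pkt.dst} {pkt.proto}/{pkt.dport}"
    for rule in rules:
        if rule.matches(pkt):
            log.append(f"{rule.action}: {desc}")
            return rule.action
    log.append(f"drop (no rule): {desc}")
    return "drop"


# Constructed policy: the internal net may send mail out; inbound FTP from the
# Internet is rejected with a message; inbound Telnet raises an alert.
POLICY = [
    Rule("accept", "tcp", src="10.1.0.0/16", service="smtp"),
    Rule("reject", "tcp", dst="10.1.0.0/16", service="ftp"),
    Rule("alert", "tcp", dst="10.1.0.0/16", service="telnet"),
]
```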

Unfortunately, when a firewall is reading these packets, network performance may slow down by as much as 20%. Other drawbacks of router-based firewalls include:

  The firewalls do not allow for granular control of the packets.
  They are cumbersome to code and, when set up incorrectly, may offer a false sense of security.
  They usually do not log the actions that take place at the firewall, so the network administrator cannot monitor how hackers are attempting to break into the system.

Host-Based Application-Level Firewalls

Host-based application-level firewalls are considered more flexible and more secure than router-based IP-level firewalls. They reside on a host computer, typically a dedicated UNIX machine, PC, or Macintosh, and can be configured to support elaborate network access control policies with fine granularity. Application-level firewalls control network application connections (e.g., Telnet, FTP, SMTP) down to the individual or group level by the type of action and the time at which it is permissible. The ability to limit the time when certain functions run is particularly useful, because many renegade hackers, dubbed midnight hackers, work late at night, and network administrators need to be able to restrict many of the potentially unsecured Internet functions during those hours.
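An application-level access policy of the kind described above, as an added example and not code from the text: permissions are keyed on the user's group, the application service, the action within that service, and a permitted time-of-day window, so that FTP access outside working hours is denied. The users, groups, services, and windows are constructed.

```python
# Added example: per-group, per-service, per-action, time-windowed access policy.
# Users, groups and the policy table are constructed for illustration.
from dataclasses import dataclass
from datetime import time
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Permit:
    service: str             # "telnet", "ftp", "smtp"
    actions: FrozenSet[str]  # e.g. {"get"} for read-only FTP
    start: time              # permitted window start (inclusive)
    end: time                # permitted window end (exclusive)

    def covers(self, action: str, at: time) -> bool:
        return action in self.actions and self.start <= at < self.end


GROUPS: Dict[str, str] = {"alice": "engineering", "bob": "sales"}  # constructed

# Engineering may use FTP get/put 07:00-19:00; everyone may send mail at any hour.
POLICY: Dict[str, List[Permit]] = {
    "engineering": [Permit("ftp", frozenset({"get", "put"}), time(7), time(19))],
    "*": [Permit("smtp", frozenset({"send"}), time(0), time.max)],
}


def allowed(user: str, service: str, action: str, at: time) -> bool:
    """Check the user's group policy, then the catch-all group; default deny."""
    group: Optional[str] = GROUPS.get(user)
    for key in (group, "*"):
        for permit in POLICY.get(key, []):
            if permit.service == service and permit.covers(action, at):
                return True
    return False
```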

Copyright © CRC Press LLC