Internet Security

Chapter contents

This chapter examines the topic of network security. It first examines the reasons why the Internet is insecure. It then looks at some of the types of attack that have been carried out over the last decade and some of the techniques that have been used to guard against them. A major part of the chapter looks at cryptography: the process of modifying data and messages so that they cannot be read and understood by a third party. A number of different technologies based on cryptography are detailed and a case study presented. The case study is the Secure Sockets Layer, the most popular technology used to transfer secure data over the Internet. The chapter concludes with a description of some of the security facilities provided in Java security APIs.

Aims

1. To outline the security weaknesses of the Internet.
2. To examine how current security technology is able to counter many of the security threats that are current on the Internet.
3. To detail the base technology of cryptography.
4. To outline some of the Java facilities that can be used in computer security.
Concepts

ARP cache, ARP spoofing, Bastion host, Chosen plain text attack, Cipher text, Cryptography, Data virus, Decryption, Demilitarised zone, Device driver virus, Differential cryptanalysis attack, Differential fault analysis, Diffie–Hellman key exchange, Digest, Digital certificate, Digital Signature Algorithm, Digital Signature Standard, Directory server, DNS spoofing, E-card, ElGamal system, Encryption, Executable virus, Factoring attack, Family and friends virus, Firewall, Infection, IP spoofing, Key, Known plain text attack, Master secret, Message authentication code, Mutation, Plain text, Polymorphic virus, Pre-master secret, Private key, Proxy server, Public key, RSA, Scanner, Screened host firewall, Screened subnet, Smart card, SSL handshake protocol, SSL record protocol, Startup file, Stealth virus, Substitution, Symmetric key, Transformation, Trojan horse, Virus, Warez.

1 Introduction
2 Reasons for insecurity
3 Forms of attack
  3.1 Non-technological attacks
  3.2 Destructive attacks
  3.3 Viruses
  3.4 Scanners
  3.5 Password crackers
  3.6 Sniffers
  3.7 Trojan horses
  3.8 Spoofing
  3.9 Technology-based attacks
4 Cryptography and its products
  4.1 The basis of cryptography
  4.2 Symmetric key cryptography
  4.3 Attacks on symmetric key schemes
  4.4 Public key cryptography
5 Technologies based on encryption
  5.1 Message digest functions
  5.2 Digital signatures
  5.3 Digital certificates
  5.4 Cryptographic systems
  5.5 Key exchange
6 Techniques and software tools
  6.1 Logging tools
  6.2 Virus scanners
  6.3 Network topology techniques
  6.4 Security checking software
7 SSL: a case study
  7.1 Functionality
  7.2 Supported cipher suites
  7.3 The transfer process
  7.4 Server authentication
  7.5 Client authentication
8 Security facilities in Java
  8.1 The Java security model
  8.2 The Java Cryptographic Extension
9 Payment systems
  9.1 Customer to business payments
  9.2 Business to business payments
10 Web sites and security
11 Further reading
References
This note was uploaded on 05/03/2010 for the course CS 1 taught by Professor Rohr during the Spring '08 term at UCLA.