.) are compromised by an intruder, the data is still unusable. Naturally, encryption keys and the like should be protected at least as well as account passwords.

Information in transit (over a network) may be vulnerable to interception as well. Several solutions to this exist, ranging from simply encrypting files before transferring them (end-to-end encryption) to special network hardware which encrypts everything it sends without user intervention (secure links). The Internet as a whole does not use secure links, thus end-to-end encryption must be used if encryption is desired across the Internet.

3.9.2.1.1 Data Encryption Standard (DES)

DES is perhaps the most widely used data encryption mechanism today. Many hardware and software implementations exist, and some commercial computers are provided with a software version. DES transforms plain text information into encrypted data (or ciphertext) by means of a special algorithm and seed value called a key. So long as the key is retained (or remembered) by the original user, the ciphertext can be restored to the original plain text.

One of the pitfalls of all encryption systems is the need to remember the key under which a thing was encrypted (this is not unlike the password problem discussed elsewhere in this document). If the key is written down, it becomes less secure. If forgotten, there is little (if any) hope of recovering the original data.

Most UNIX systems provide a DES command that enables a user to encrypt data using the DES algorithm.

RFC 1244 The Site Security Handbook

3.9.2.1.2 Crypt

Similar to the DES command, the UNIX crypt command allows a user to encrypt data. Unfortunately, the algorithm used by crypt is very insecure (based on the World War II Enigma device), and files encrypted with this command can be decrypted easily in a matter of a few hours. Generally, use of the crypt command should be avoided for any but the most trivial encryption tasks.

3.9.2.2 Privacy Enhanced Mail

Electronic mail normally transits the network in the clear (i.e., anyone can read it). This is obviously not the optimal solution. Privacy enhanced mail provides a means to automatically encrypt electronic mail messages so that a person eavesdropping at a mail distribution node is not (easily) capable of reading them. Several privacy enhanced mail packages are currently being developed and deployed on the Internet.

The Internet Activities Board Privacy Task Force has defined a draft standard, elective protocol for use in implementing privacy enhanced mail. This protocol is defined in RFCs 1113, 1114, and 1115 [7,8,9]. Please refer to the current edition of the IAB Official Protocol Standards (currently, RFC 1200 [21]) for the standardization state and status of these protocols.

3.9.3 Origin Authentication

We mostly take it on faith that the header of an electronic mail message truly indicates the originator of a message. However, it is easy to spoof, or forge the source of a mail message. Origin authentication provides a means to be certain of the originator of a message or other object in the same way that a Notary Public assures a signature on a legal document. This is done by means of a Public Key cryptosystem.

A public key cryptosystem differs from a private key cryptosystem in several ways. First, a public key system uses two keys, a Public Key that anyone can use (hence the name) and a Private Key that only the originator of a message uses. The originator uses the private key to encrypt the message (as in DES). The receiver, who has obtained the public key for the originator, may then decrypt the message.

In this scheme, the public key is used to authenticate the originator's use of his or her private key, and hence the identity of the originator is more rigorously proven. The most widely known implementation of a public key cryptosystem is the RSA system [26]. The Internet standard for privacy enhanced mail makes use of the RSA system.

3.9.4 Information Integrity

Information integrity refers to the state of information such that it is complete, correct, and unchanged from the last time in which it was verified to be in an integral state. The value of information integrity to a site will vary. For example, it is more important for military and government installations to prevent the disclosure of classified information, whether it is right or wrong. A bank, on the other hand, is far more concerned with whether the account information maintained for its customers is complete and accurate.

Numerous computer system mechanisms, as well as procedural controls, have an influence on the integrity of system information. Traditional access control mechanisms maintain controls over who can access system information. These mechanisms alone are not sufficient in some cases to provide the degree of integrity required. Some other mechanisms are briefly discussed below.

It should be noted that there are other aspects to maintaining system integrity besides these mechanisms, such as two-person controls, and integrity validation procedures. These are beyond the scope of this document.

3.9.4.1 Checksums

Easily the simplest mechanism, a simple checksum routine can compute a value for a system file and compare it with the last known value. If the two are equal, the file is probably unchanged.
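The compare-with-last-known-value routine from section 3.9.4.1, as an added example that is not part of the handbook. It also shows why an equal value only means "probably unchanged": a 16-bit additive checksum misses a two-byte swap that SHA-256 catches. The file name `hosts.equiv`, its contents and all function names are constructed for the illustration.

```python
import hashlib
import os
import tempfile

def simple_checksum(data: bytes) -> int:
    """16-bit additive checksum, the 'simplest mechanism' kind of routine."""
    return sum(data) & 0xFFFF

def sha256_hex(data: bytes) -> str:
    """Cryptographic digest used here as the stronger alternative."""
    return hashlib.sha256(data).hexdigest()

def snapshot(paths, digest):
    """Record a value for each file; None marks a file that is missing."""
    values = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                values[path] = digest(fh.read())
        except FileNotFoundError:
            values[path] = None
    return values

def compare(baseline, current):
    """Return the sorted paths whose value differs from the last known one."""
    return sorted(p for p in baseline if baseline[p] != current.get(p))

def demo():
    # Constructed sample file standing in for a system file.
    target = os.path.join(tempfile.mkdtemp(), "hosts.equiv")
    with open(target, "wb") as fh:
        fh.write(b"trusted-host-ab\n")
    weak_base = snapshot([target], simple_checksum)
    strong_base = snapshot([target], sha256_hex)
    # Change the file by swapping two bytes: the byte sum stays the same.
    with open(target, "wb") as fh:
        fh.write(b"trusted-host-ba\n")
    weak_changed = compare(weak_base, snapshot([target], simple_checksum))
    strong_changed = compare(strong_base, snapshot([target], sha256_hex))
    return target, weak_changed, strong_changed

if __name__ == "__main__":
    path, weak, strong = demo()
    print("additive checksum flags:", weak)    # nothing flagged
    print("SHA-256 flags:          ", strong)  # the modified file
```

The baseline itself needs the same protection as the files it describes, since whoever can rewrite both the file and its recorded value defeats the comparison.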
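The origin authentication scheme of section 3.9.3, as an added example that is not part of the handbook: the originator transforms a digest of the message with the private key, and the receiver checks it with the public key, so a forged From header no longer verifies. This is textbook RSA over two well-known Mersenne primes, with no padding, for illustration only; the mail messages, addresses and function names are constructed.

```python
import hashlib

# Textbook RSA parameters: illustration only. Real systems use vetted
# libraries, large random primes and a padding scheme.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the originator

def digest(message: bytes) -> int:
    """SHA-256 of the message, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Originator: apply the private key to the message digest."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Receiver: apply the public key (E, N) and compare with the digest."""
    return pow(signature, E, N) == digest(message)

# Constructed mail messages: the second differs only in its From header.
GENUINE = b"From: alice@example.org\r\nSubject: payroll\r\n\r\nApprove batch 7.\r\n"
SPOOFED = GENUINE.replace(b"alice@", b"mallory@")

def demo():
    """Return verification results for genuine, spoofed and altered-signature mail."""
    sig = sign(GENUINE)
    return verify(GENUINE, sig), verify(SPOOFED, sig), verify(GENUINE, sig + 1)

if __name__ == "__main__":
    print(demo())
```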
