1- Security (chapter 11)
2- Review final exam
1. File security
2. Communication channel security
3. Internet security
5. Methods to secure a network
1- File security
a. Categories of secure file types
b. Rings outside to inside
i. Public data: web pages
ii. Internal files: username + password
iii. Certified files (HR): username + password + permission
iv. Server files: username + password + permission + certification (encryption + key)
c. File security (encryption)
i. Encryption is the process of converting plain text data into non-plain text.
PKI: public key infrastructure
- Contains 2 keys: one is public, the other is private.
- These 2 keys are hashed together.
- There are 2 types of email encryption using PKI or the RSA algorithm.
a) PGP: Pretty Good Privacy
b) S/MIME: Secure/Multipurpose Internet Mail Extensions
- There are other encryption methods used by different operating systems.
o E.g.: DES: data encryption system, 56-bit encryption.
o 3DES: 128-bit encryption.
- AES: Advanced encryption system, widely used with channel security, VPN, & IPsec
2- Channel security
a. By default, all communication channels are non-secure (plain text).
b. A virtual private network is a method of securing a communication channel when using a
VPN: There are 2 methods:
1. PPTP: Point-to-Point Tunneling Protocol (modem)
- Note: PPTP encrypts data with a 56-bit encryption method.
2. IPsec-L2TP: Layer 2 Tunneling Protocol
- L2TP with IPsec provides a secure VPN channel by using AES 128-bit.
- Microsoft uses MS-CHAP for client/server authentication.
MS-CHAP v2 is a 2-way authentication channel. CHAP: Challenge-Handshake Authentication Protocol.
Both client & server must be able to authenticate themselves to each other at any given time.
- Kerberos protocol: the user must be authenticated in the domain. Domains do not use CHAP; they use
- Kerberos is a domain-based authentication.
- A back-to-back firewall is the most secure system.
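Added example (not part of the original notes): the CHAP two-way authentication noted above, shown as plain RFC 1994 CHAP (MD5 over identifier, secret and challenge) run once in each direction. This is not MS-CHAP v2's own algorithm; the `Peer` class, `mutual_authenticate` and the secrets are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Peer:
    """One end of the link (hypothetical helper): holds the shared secret."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self.secret = secret
        self.pending = {}  # identifier -> challenge issued but not yet verified

    def issue_challenge(self, identifier: int) -> bytes:
        challenge = os.urandom(16)  # fresh random value for every attempt
        self.pending[identifier] = challenge
        return challenge

    def answer(self, identifier: int, challenge: bytes) -> bytes:
        # The secret itself never crosses the channel, only the hash.
        return chap_response(identifier, self.secret, challenge)

    def verify(self, identifier: int, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against the same challenge later.
        challenge = self.pending.pop(identifier, None)
        if challenge is None:
            return False
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def mutual_authenticate(client: Peer, server: Peer) -> bool:
    """Two-way check: each side challenges the other and both must pass."""
    c1 = server.issue_challenge(1)
    server_accepts_client = server.verify(1, client.answer(1, c1))
    c2 = client.issue_challenge(2)
    client_accepts_server = client.verify(2, server.answer(2, c2))
    return server_accepts_client and client_accepts_server


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    print(mutual_authenticate(Peer("client", secret), Peer("server", secret)))
    print(mutual_authenticate(Peer("client", secret), Peer("server", b"wrong")))
```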
An advanced firewall does the following tasks:
1. Block unwanted web sites.
2. Block unwanted IP Addresses.
3. Block unwanted applications.
4. Block unw