Class Notes (839,150)
United States (325,799)
IST 233 (38)
Lecture 8

IST 233 Lecture 8: IST 233 M001 Molta 2:15

2 Pages

Information Studies
Course Code
IST 233
David Molta

This preview shows 80% of the first page. Sign up to view the full 2 pages of the document.
IST 233 M001 Molta 2152017 Protection and countermeasures o Protection against security attacks requires a multipronged approach Employee policies defining acceptable use and sanctions associated with policy violation Encryption of data that passses through networks Access control technologies that authenticate users Authorization systems that restrict access based on the role of employees IT staff policies defining best practices for network, system, and application managers Advances security systems including firewalls, vulnerability assessment and intrusion detectionprotection systems Encryption o Using advanced mathematical methods to convert plaintext to ciphertext o Can do encryption on 3 of the 5 layers Data link eg. AirorangeX encrypts the WiFi data frames, concealing all data and IP addresses If encryption occurs in the lowest layer, all layers above are safe Internetlayer IPSec VPNs encrypt IP packets, protecting transport and application layers Applicationlayer SSLTLS encrypts the data field of application protocols, including HTTP o Symmetric sharedkey encryption Simplest form of encryption, each party knows the encryption key; same key used to encrypt and decrypt Biggest challenge is secure key distribution o Asymmetric Public Key encryption uses public key to encrypt, private key to decrypt I encrypt data sent to you using a secure private key You decrypt the ciphertext using a secure private key HTTPS uses trusted thirdparties to issue digital certificates SSL encryption o SSL(secure sockets layer)TLS encryption was developed to secure web transaction In many cases, you would like your web transactions to be secure. Authentication o Proving ones digital identity Simple IDUsername Advanced and multifactor authentication, biometric authentication (fingerprints, retina scans) o How granular is your authorization system? How detailed is it, eg. each file? o How authentication works A supplicant (software on the client device) proves its identity to the verifier by sending its credentials Supplicant > credentials (password etc..) >verifier >acceptance or rejection >supplicant
More Less
Unlock Document

Only 80% of the first page are available for preview. Some parts have been intentionally blurred.

Unlock Document
You're Reading a Preview

Unlock to view full version

Unlock Document

Log In


Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.