Linux Networking and Security Chapter 8 Making Data Secure

  • Making Data Secure
      • Explain commonly used cryptographic systems
      • Understand digital certificates and certificate authorities
      • Use the PGP and GPG data-encryption utilities
      • Describe different ways in which cryptography is applied to make computer systems more secure

  • Cryptography and Computer Security
      • Computer security is about making certain that the only people accessing resources or data are those who should have access
      • Cryptography is the science of encoding data so that it cannot be read without special knowledge or tools; it is a key part of network applications and normally hidden from view
      • Network connections can be tapped to allow viewing of transmitted data, which is called sniffing the network; encryption can block this

  • Basic Encoding Techniques
      • The process of cryptography is as follows:
          • Begin with the message to transmit, called the plaintext
          • Apply a technique or rule called a cipher to change the plaintext
          • The result is ciphertext, an encrypted message
      • The most elementary example of encryption is letter substitution, where a different letter of the alphabet is substituted for each letter in the message

  • Key Systems
      • Rules, known as algorithms, allow letter substitution to convert plaintext to ciphertext
      • The level of complexity of an algorithm can be increased by using a key, a code necessary to encrypt or decrypt a message correctly using the algorithm
      • Knowing the algorithm (the cipher) should not be enough to read a message; good security assumes an eavesdropper knows the cipher, but the key must be kept secret
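
The key idea above as an added example (not part of the original slides): a letter-substitution cipher whose algorithm is public and whose alphabet is derived from a secret key word. The key words, the sample message and all function names are constructed for illustration; the last function shows why this elementary cipher is weak even with a secret key, since repeated letters stay repeated.

```python
import string

ALPHABET = string.ascii_uppercase


def cipher_alphabet(key: str) -> str:
    """Substitution alphabet: the key's letters first (no repeats), then the rest."""
    seen = []
    for ch in key.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def encrypt(plaintext: str, key: str) -> str:
    """Replace each plaintext letter with the letter at the same position in the keyed alphabet."""
    table = str.maketrans(ALPHABET, cipher_alphabet(key))
    return plaintext.upper().translate(table)


def decrypt(ciphertext: str, key: str) -> str:
    """Invert the substitution; only the correct key rebuilds the right table."""
    table = str.maketrans(cipher_alphabet(key), ALPHABET)
    return ciphertext.upper().translate(table)


def repeat_pattern(text: str) -> list:
    """Number each distinct letter by first appearance; substitution never changes this."""
    order = {}
    return [order.setdefault(ch, len(order)) for ch in text if ch in ALPHABET]


if __name__ == "__main__":
    message = "MEET AT NOON"            # constructed sample plaintext
    secret = encrypt(message, "SECURITY")
    print(secret)                        # ciphertext
    print(decrypt(secret, "SECURITY"))   # correct key recovers the plaintext
    print(decrypt(secret, "PRIVACY"))    # same algorithm, wrong key: unreadable
    print(repeat_pattern(message) == repeat_pattern(secret))
```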

  • DES
      • The Data Encryption Standard (DES) was developed in the 1970s and uses a 56-bit key to encrypt data using various algorithms
      • 56 bits provide for 2^56 possible keys
      • It now takes 20 hours to break a DES key
      • DES is being phased out, but it is still widely used since relatively few people have the equipment to break the key, 20 hours is still a relatively long time in the Internet age, and it was a widely implemented U.S. standard

  • Skipjack and Triple DES
      • There were several responses to the cracking of DES:
          • DES keys were increased to 1024 bits
          • Creation of a new algorithm called Skipjack, which uses an 80-bit key
          • Triple DES relies on DES, but encodes each message three times using three different keys
      • Advanced Encryption Standard (AES) can provide roughly 10^77 possible keys, and was approved for use by U.S. government agencies in May 2002

  • Symmetric and Asymmetric Encryption
      • Symmetric encryption algorithms
          • Use the same key and algorithm to encrypt and decrypt a message
          • The key used is called a private key, because it must be kept secret for the message to be secure
      • Asymmetric encryption algorithms
          • Use one key to encrypt and another to decrypt
          • The key you can reveal to everyone is called a public key

  • Signatures and Certificates
      • Authentication is the process of proving that you are in fact the person you say you are
      • Signatures let you authenticate a public key
      • You sign another person's public key with your own private key to verify that the key really belongs to that person
      • Certificates provide the same type of verification as signatures
      • A certificate is a numeric code that is used to identify an organization

  • Fingerprints
      • A fingerprint is a smaller number that is derived from a very lengthy public key
      • Fingerprints are created by hashing the public key, a process in which a mathematical function converts larger numbers into smaller numbers
      • Two commonly used hashes:
          • Message digest hash (MD5) provides 128 bits
          • Secure hash algorithm (SHA-1) provides 160 bits
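
Fingerprinting as an added example (not part of the original slides): a long public key is hashed to a 128-bit (MD5) or 160-bit (SHA-1) fingerprint, and a key received over the network is checked against a fingerprint obtained separately. The key bytes are constructed sample data and the function names are hypothetical; real tools such as GPG hash a specific key-packet encoding rather than raw bytes.

```python
import hashlib
import hmac

# Constructed stand-in for a lengthy public key (1024 bytes), not a real key.
SAMPLE_KEY = bytes(range(256)) * 4
# The same key with a single bit changed, as if it had been swapped in transit.
TAMPERED_KEY = bytes([SAMPLE_KEY[0] ^ 0x01]) + SAMPLE_KEY[1:]


def fingerprint(public_key: bytes, algorithm: str = "sha1") -> str:
    """Hash the key and return the digest as groups of four hex digits."""
    digest = hashlib.new(algorithm, public_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def fingerprint_bits(fp: str) -> int:
    """Size of a fingerprint in bits (each hex digit carries 4 bits)."""
    return len(fp.replace(" ", "")) * 4


def key_matches(public_key: bytes, expected_fp: str, algorithm: str = "sha1") -> bool:
    """True only if the received key hashes to the fingerprint the owner gave you."""
    actual = fingerprint(public_key, algorithm).replace(" ", "")
    expected = expected_fp.replace(" ", "").upper()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    trusted_fp = fingerprint(SAMPLE_KEY)            # e.g. read out over the phone
    print(len(SAMPLE_KEY) * 8, "bit key ->", fingerprint_bits(trusted_fp), "bit fingerprint")
    print("MD5  :", fingerprint(SAMPLE_KEY, "md5"))
    print("SHA-1:", trusted_fp)
    print("received key accepted:", key_matches(SAMPLE_KEY, trusted_fp))
    print("tampered key accepted:", key_matches(TAMPERED_KEY, trusted_fp))
```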

  • Using Cryptography in a Browser
      • Whenever you visit a Web page that has been transmitted to your computer using encryption, you see a small lock or key in the lower left corner of the browser window
      • Most encrypted Web pages, such as order-entry screens, shopping carts, and similar data, appear with a URL that starts with https
      • The encrypted protocol for Web pages is Secure Socket Layer (SSL)

  • Kerberos Authentication
      • Kerberos authentication is a special kind of authentication for organizational networks
      • Kerberos was developed at MIT and is widely used around the world
      • Kerberos secures a network by providing a system that makes users prove who they are before they can use a service and also makes services prove who they are
      • It uses both public-key cryptography and a symmetric cipher

  • Using Encryption Utilities
      • Pretty Good Privacy (PGP) is the first utility to provide public-key encryption to all
      • Although PGP software was formerly included in Linux, it has been replaced with GPG
      • GNU Privacy Guard (GPG) is a public-key encryption utility and uses non-patented algorithms
      • GPG operates from the command line, but there are graphical utilities to make it easier to use

  • Other Security Applications
      • RPM security can check a public-key signature on any package to verify that it came from its stated creator
      • Cryptographic File System (CFS) enforces cryptographic authentication on all users who want to share files across the network
      • Transparent Cryptographic File System (TCFS) operates transparently to users
      • IPSec and CIPE provide for IP packet encryption

  • Secure Shell
      • Secure Shell (SSH) is an encrypted version of Telnet, which provides secure remote access
      • SSH allows other protocols to ride on top of it
      • A Virtual Private Network (VPN) is a secure organizational network that uses an insecure public network (Internet) for communications
      • VPNs are often created with the aid of specially designed software that integrates many networking functions with cryptographic protocols and system management software

  • Virtual Private Networks

  • Chapter Summary
      • Cryptography is the science of encoding data, typically using a key, so that people without the key cannot read the data
      • Cryptography protects computer networks against sniffers, programs that allow crackers to see data passing along a network
      • Many different algorithms are used to encrypt data and they are either symmetric or asymmetric
      • DES was a popular standard algorithm for years, until Triple DES and AES began to replace it

  • Chapter Summary
      • Public-key encryption does not require that you openly exchange a secret key with the recipient of an encrypted message
      • RSA is the most familiar public-key algorithm
      • Signatures on a document show that the sender is the only one who could have sent the document
      • Certificates are issued and signed by certificate authorities such as VeriSign to vouch for the identity of the organization holding the certificate

  • Chapter Summary
      • A hash is a mathematical function that creates a small number from a very large number and it is used to create a fingerprint
      • Browsers such as Netscape and Mozilla use cryptography via the Secure Sockets Layer (SSL) protocol to allow secure e-commerce transactions
      • Kerberos provides a network-wide user and service authentication scheme to limit network access to authorized users
      • PGP was the first freely available public-key encryption software and remains an industry standard on which GPG is based

  • Chapter Summary
      • The GNU Privacy Guard (GPG) is a free public-key encryption utility that lets you manage keys and encrypt, sign and decrypt documents
      • Keys should be signed only when the identity of the person providing the key has been ascertained with certainty
      • The rpm utility can check a public-key signature on any package to verify that it came from the person or organization that claims to have created it

  • Chapter Summary
      • Other security protocols built on the same principles of cryptography as GPG include IPsec, CIPE, CFS and TCFS
      • The Secure Shell (SSH) provides encrypted remote access via a utility that functions like Telnet. SSH also lets other protocols work with it to create secure connections for many purposes