2 p 252 One practical way to secure this data is to use cryptography in the form of encryption algorithms applied to data that is passed around networks and to data at rest.
As related to cryptography, an algorithm is the mathematical procedure or sequence of steps taken to perform the encryption and decryption. Practically speaking, however, an algorithm can be thought of as a cooking recipe, which provides the ingredients needed and step-by-step instructions.
This chapter discusses the concepts of cryptography and many popular encryption methods and their applications. In addition to being able to explain these fundamental cryptography concepts, you will begin to understand how cryptography can be used as a tool to protect and authenticate all types of information and to protect the computers and networks in information security systems.
One practical way to secure this data is to use cryptography in the form of encryption algorithms applied to data that is passed around networks and to data at rest.
As related to cryptography, an algorithm is the mathematical procedure or sequence of steps taken to perform the encryption and decryption. Practically speaking, however, an algorithm can be thought of as a cooking recipe, which provides the ingredients needed and step-by-step instructions.
Because of the sensitive nature behind the uses of cryptography, the use of well-known, proven technologies is crucial. Back doors and flaws, for example, can undermine any encryption algorithm, which is why proven algorithms such as those discussed in this chapter should always be considered. While various vendors might have their own encryption solutions, most of these depend upon well-known, time-tested algorithms, and generally speaking one should be skeptical of any vendor using a proprietary, non-proven algorithm.
This chapter discusses the concepts of cryptography and many popular encryption methods and their applications. In addition to being able to explain these fundamental cryptography concepts, you will begin to understand how cryptography can be used as a tool to protect and authenticate all types of information and to protect the computers and networks in information security systems.
1/7/2009
2 p 293 Web servers are generally ready to begin accepting HTTP traffic to serve up Web pages, but to deploy HTTPS the Web server must have a certificate signed by a CA. When a Web server will be serving content outside of the organization (that is, public-facing sites), the certificate is usually signed by a trusted third-party CA. If the site will be used internally only (that is, an intranet), however, a certificate signed by an in-house CA generally suffices.
Aside from its use with HTTP for Web servers, TLS can provide security to many other protocols. It can, for instance, provide the capability to tunnel the connection forming a VPN, providing for easier firewall traversal compared to traditional IPsec VPNs, for example, which we discuss shortly.
Web servers are generally ready to begin accepting HTTP traffic to serve up Web pages, but to deploy HTTPS the Web server must have a certificate signed by a CA. When a Web server will be serving content outside of the organization (that is, public-facing sites), the certificate is usually signed by a trusted third-party CA. If the site will be used internally only (that is, an intranet), however, a certificate signed by an in-house CA generally suffices. In most cases the use of SSL and TLS is single-sided—that is, only the server is being authenticated as valid with a verifiable certificate. For example, when conducting an online banking transaction one can be assured they are at the legitimate site by verifying the server-side certificate, whereas the client is verified perhaps by only a username and password. Certificates, however, can also be deployed in a dual-sided scenario in which not only is the server authenticated using a certificate, but the client side is as well. While this certainly can provide for a more secure environment, additional overhead is created, which also includes the fact that a unique client-side certificate now needs to be created and managed for every client rather than just a single server.
Aside from its use with HTTP for Web servers, TLS can provide security to many other protocols. It can, for instance, provide the capability to tunnel the connection forming a VPN, providing for easier firewall traversal compared to traditional IPsec VPNs, for example, which we discuss shortly.
1/7/2009
2 p ii update print line done 2/12/2009
3 p 368 A. The system recognizes an authorized person and accepts that person.
A. The system recognizes an unauthorized person and accepts that person.
8/26/2009
3 p 413 10. Which one of the following access control mechanisms prevents disclosure of information by assigning security levels to objects and subjects?
10. Which one of the following access control mechanisms prevents disclosure of information by allowing the subject to assign security levels to objects?
8/26/2009