Notes on Chapter 3: Security through authentication and encryption
Explain encryption methods and how they are used
Describe authentication methods and how they are used
Explain and configure IP security
Discuss attacks on encryption and authentication methods
Sniffers: software that captures information sent across a network; attackers often gain access to an account, then install one
(differentiate between legitimate sniffing for network analysis and troubleshooting traffic flow)
Encryption: disguise data to make it unintelligible except for intended recipients
Cryptography: coding messages
Coding
Ciphers code either each bit, or a block, of data
Keys and algorithm (recipe);
secret key (symmetric) uses the same key for encrypting and decrypting;
public key (asymmetric) uses both a public and a private key, one to encrypt
and one to decrypt (PGP)
Hashing SSN → Student ID (must verify uniqueness)
MD5 in SNMP rehashes 4 times
Checking the validity of data
Windows
MPPE RAS over PPP or VPN and PPTP
VPN telephone analogy
Encrypting file system sits on NTFS, uses Public Key
Cipher command (Cipher /?)
Linux
CFS Cryptographic File System on ext2 and ext3
----------------------------------------------------------------
Authentication Methods
Session Authentication encrypt sequence to foil sniffers
Digital Certificates (X.509)
Kerberos
SSL
SSH
| | Single computer | LAN | IP |
|---|---|---|---|
| basic | Challenge and Response | Transmission Layer-weak | |
| better | challenge and response | Kerberos | SSL |
| | log in for adm rights | tickets, and time limits | browser and server agree |
| best | Security Token | EAP | SSH |
| | Thumb scan or smart card | valid phone or IP | log in |
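
The challenge-and-response entry in the table above, sketched as an added example (not from the chapter or any product's implementation): the server sends a fresh random nonce and the client returns an HMAC of it, so a sniffer captures neither the password nor a reusable response. HMAC-SHA-256, PBKDF2 and every function name here are assumptions chosen for illustration.

```python
# Added illustration; HMAC-SHA-256, PBKDF2 and all names are assumptions, not from the chapter.
import hashlib
import hmac
import secrets

def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a key; the server stores this key, not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()              # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh and unpredictable for every login
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:     # unknown or already-used challenge
            return False
        self.pending.discard(nonce)       # single use, which blocks replay
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time comparison

def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """What the client puts on the wire: an HMAC of the nonce, never the password."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

def demo() -> dict:
    salt = b"constructed-salt"            # constructed sample values throughout
    server = Server(derive_key("correct horse", salt))
    n1 = server.challenge()
    sniffed = client_response("correct horse", salt, n1)  # what a sniffer would capture
    results = {"valid_login": server.verify(n1, sniffed)}
    results["replay_same_challenge"] = server.verify(n1, sniffed)
    n2 = server.challenge()
    results["replay_new_challenge"] = server.verify(n2, sniffed)
    n3 = server.challenge()
    results["wrong_password"] = server.verify(n3, client_response("guess", salt, n3))
    return results

if __name__ == "__main__":
    print(demo())
```

A captured nonce and response still let someone test password guesses offline, so this scheme depends on a strong password. The key the server stores is also password-equivalent, which is one reason the table ranks Kerberos tickets and tokens above it.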
----------------------------------------------------------------
IP Security: Authentication headers and ESP (encrypts packets)
Attacks on encryption and authentication
Brute force
Steal password
Guess password
Weak keys 56 bit vs PGP and strong key
“How difficult? Given all
of today's computing power and available time — even a billion computers doing
a billion checks a second — it is not possible to decipher the result of strong
cryptography before the end of the universe.”
Toward lab 3: Questions and 3.7