Internet Security
Contents
Encryption
Applying an algorithm or process (and normally a key) to data so that the output can no longer be understood. However this process can be reversed to return to the original data, this again may involve the use of a key.
Terms
Plain Text
The original data you want to encrypt.
Cipher
The specific algorithm or process used on the plain text.
Cipher Text
The output from running a cipher with the plain text.
Cryptography
The practice and study of techniques used in encryption.
Cryptanalysis
The art or process of deciphering coded messages without being told the key
Symmetric Encryption
Cipher text can be decrypted using an encryption algorithm and the encryption key. Symmetric means using the same key to encrypt and decrypt so it is often difficult to distribute a symmetric key without being intercepted. The key must be passed separately and obviously can’t be sent with the message. It is easy to decrypt the message with the key.
Asymmetric Encryption
Asymmetric refers to the fact that a separate encryption key and separate decryption key are used it is also called public key encryption e.g. RSA. You need a pair of keys – public and private. The private key is kept secret and secure but the encryption algorithm and public keys are freely available so:
- A message encrypted with A’s private key can only be decrypted with A’s public key
- A message encrypted with A’s public key can only be decrypted by A with it’s private key
Firewall
A piece of software designed to prevent the flow of network traffic, typically a specific sort of traffic or from/to a certain location. Firewalls are built in to many operating systems, such as Windows, and some are designed to be installed on a physical device to filter traffic for the whole network.
Packet Filtering
Examining the contents of a packet and it will be rejected if they fail to conform to certain rules. This could be done by examining the packet header information.
Stateful Inspection
Examining contents of a packet and it will be rejected if it is not part of a recognised communication. The firewall will keep a track of all open channels and transmissions. So it will know the context of each packet, i.e. which transmission and channel it is linked to.
Proxy Server
Proxy means on behalf of. A proxy server is on the edge of your private network and the proxy server is the only connection on the public internet. All of the devices behind the proxy server are essentially hidden from the internet.
All requests requiring public internet are routed through proxy server. The Proxy server can evaluate the source of the request and can filter specific website and locations. This will prevent all users on the network from accessing web content, it will also prevent access from certain devices.
Digital Signatures
To prove that an electronic message is genuine, a sender can digitally sign the message. Just like an actual signature written by hand. This means it can detect if the message has been tampered with and the signature is proof that it has been sent by the correct person. Digital signatures use asymmetric encryption.
Digital Certificate
A digital certificate is issued by a certification authority.
It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.
Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.