Tutorial 6: Internet Security

Security Basics

Security is broadly defined as the protection of assets from unauthorized access, use, alteration, or destruction.

Secrecy threat: when data is disclosed to an unauthorized party

Integrity threat: unauthorized data modification

Necessity threat: causes data delays or denials

A countermeasure is a physical or logical procedure that recognizes, reduces, or eliminate a threat.

• The best way to safeguard against a threat is to prevent it from occuring in the first place

• In some cases, you need to plan for losses in service or theft by purchasing insurance or installing backup systems 

  

 

The process of risk management focuses on identifying threats and determining available and affordable countermeasures.

Using Encryption
Encryption is the process of coding information using an algorithm to produce a string of characters that is unreadable

Algorithm: a formula or set of steps that solves a particular problem

Cryptography: the study of securing information via encryption

Key: is used to decrypt cipher text

Decryption: the process of using a key to reverse encrypted text is called decryption

Cipher Text: encrypted information

Plain Text: unencrypted information

Using a Firewall 

Check out this tutorial on "How to use a Firewall"

The computer version of a firewall is a software program or hardware device that controls access between two networks or between the Internet and a computer

• Can be used on both Web servers and Web clients

• A Web client firewall might be a dedicated hardware device or a program running on a computer

Communication Channel Security

Identification

• User authentication is the process of associating a person and his identification with a very high level of assurance.
• Usually consists of a User ID and Password
• The more hoops, the more secure (Multi-factor Authentication)
• A digital certificate is an encrypted and password protected file that contains sufficient to authenticate a person's indentity.