Security: Computer Network and Internet Security

Aspects of network security are closely tied to the services provided: inbound or outbound. Security for outbound services can be handled with the best possible firewall configuration.

The same applies to anonymous inbound services such as anonymous FTP, HTTP, Gopher, etc. In that case the information is intentionally provided to everyone. It is a different case when we want to provide non-anonymous access (authenticated services), where, in addition to passing through the firewall, someone requesting access must also obtain 'permission' from the server after first proving their identity. This is authentication. From here on, the author uses the Indonesian term autentisasi as a synonym for authentication.

SECURITY RISKS OF INBOUND SERVICES
Why authenticate? The Internet is a public network, open to everyone all over the world to join. The sheer size of this network has brought both gains and losses. We often hear and read about damage to computer systems, financial data, confidential Pentagon information, or databases of student academic transcripts. That sentence is enough to represent the statement that we should be 'vigilant' against those who are 'evil' and always strive to minimize their chances of carrying out their intentions. It is easy to eliminate the possibility of intruders (illegal access) from outside by closing all inbound service traffic to the internal network. But that would give up the main benefits of the network: communication and shared use of resources (resource sharing). Thus, the natural consequence of a sufficiently large network is to accept this risk and try to minimize it, not to eliminate it.

We start from a network administrator (NA) who has done a good job of preparing the 'defense' for all outbound services and anonymous inbound services. A few additional things still need to be kept in mind. Is the defense strong enough against theft of a connection (hijacking attack)? Has the possibility of illegal monitoring of the information packets being sent (packet sniffing, playback attack) been considered? And does it include readiness for illegal access from inside the system (false authentication)?

Hijacking usually happens on the computer that connects to our network, although in some rare cases it can occur at any point along the path. The NA would therefore be wise to grant access only to trusted computers, those that have at least the same security as, or are more 'robust' than, the network under the NA's responsibility. The chances of this kind of attack can also be minimized by adjusting the packet filter or by using a modified server. For example, we can provide anonymous FTP to any computer anywhere, but authenticated FTP only to hosts on the 'trust' list. Hijacking in the middle of the path can be avoided by using encryption between networks (end-to-end encryption).

Confidentiality of data and passwords is also a topic of security design. Programs dedicated to packet sniffing can automatically display the contents of each data packet between the client and server. Passwords can be protected from this kind of crime by implementing single-use passwords (non-reusable passwords), so that even if one is captured by a sniffer, the password cannot be used again.

The risk of hijacking and sniffing of data (not passwords) cannot be avoided altogether. This means the NA should take this possibility into account and optimize to reduce its likelihood. Restricting the number of accounts with full access and the time allowed for remote access is one form of optimization.

AUTHENTICATION MECHANISMS
The subject of authentication is proof. What is proven falls into three categories: something about ourselves (something you are, SYA), something we know (something you know, SYK), and something we have (something you have, SYH). SYA is closely related to the field of biometrics, such as fingerprint checks, retinal examination, voice analysis, etc. SYK is identical to the password. SYH is generally an identity card such as a smartcard.

The password is probably still the most widely used method today. To prevent theft of passwords and illegal use of the system, it would be wise to equip our network with one-time (disposable) passwords. How can this method be applied?

First, use an encrypted time-stamp system. In this approach, each new password sent is first modified based on the current time. Second, use a challenge-response (CR) system, where the password we give depends on the challenge from the server. In effect we prepare a list of answers (responses) that differ for each 'question' (challenge) given by the server. Because it is hard to memorize a few tens or hundreds of passwords, it is easier to memorize a rule for turning the given challenge into the response (so it is not random). For example, if the rule is "capitalize the fifth letter and delete the fourth letter", then the password we give is MxyPtlk1W2 for the challenge Mxyzptlk1W2 from the system.

If the CR system requires knowing its 'rules', then with the time-stamp system we must remember the password used to produce the time-stamped value. Doesn't this complicate things? Fortunately, these mechanisms are generally handled by a device, either software or hardware. Kerberos, authentication software created at MIT that adopts a time-stamp system, requires modifications to the client for time synchronization with the server and for time-stamping passwords. Modifying the client program reminds us of a proxy and, indeed, it is something like that. CR systems are usually applied together with hardware support. An example of an operational CR system is the SNK-004 card device (Digital Pathways), which can be used in conjunction with the TIS-FWTK package (Trusted Information Systems Internet Firewall Toolkit).

TIS-FWTK offers a 'fun' one-time password (CR) solution: S/Key. S/Key applies a hash algorithm iteratively to a seed, so that the system can validate the client's current response but has no ability to predict the client's next response. So if the system is infiltrated, there is 'nothing' that could be stolen (usually a list of passwords). The hash algorithm has two key properties. First, the input cannot be regenerated from the output (non-reversible). Second, there are two possible inputs for the same output.

Encryption and Cryptography
Cryptography has been developing for a long time, ever since people wanted the information they send to be unreadable by unauthorized parties. Traditionally two cryptographic mechanisms are known: private key and public key. DES (Data Encryption Standard), used by Kerberos, uses a private-key system. RSA (Rivest Shamir Adleman) implements a public-key system. One of the contributors to RSA, Ron Rivest, later created MD4 (message digest function #4), which is used by the S/Key in TIS-FWTK. Optimization and cross-breeding of these two traditional methods gave birth to PGP (Pretty Good Privacy). A discussion of DES, RSA, or PGP would fill a separate book and is out of place here. But clearly, a private-key system is characterized by encryption and decryption using identical keys, while in a public-key system the process uses two keys: a public key to encrypt and a secret key to decrypt, where the two keys are closely related and are generated by a mathematical algorithm. Because of the mathematical processing required, public-key systems can be several thousand times slower than an equivalent private-key algorithm, although on the other hand they offer better protection. PGP exploits the advantages and disadvantages of the private-key and public-key systems: data is transmitted using a private-key system with a session key, which runs fast, while the session key itself is transmitted using the public-key system.

With encryption, information we send to one network through another network of doubtful security (the Internet) is relatively more secure. Encryption between networks means a 'thief' must try somewhat harder to get the illegal information he hoped for. There are three opportunities for implementing encryption: at the application level, the data-link level, and the network level.
Application-level encryption requires special client-server software. In accordance with the OSI reference model, data-link encryption is only valid for point-to-point connections, such as an encryption system on a telephone modem. Network-level encryption (network layer) is applied on routers or other equipment adjacent to the network on both sides. Tuning for needs and security policy is done by choosing which types or parts of the IP packet will be encrypted, adjusting to the firewall architecture and, consequently, the effectiveness of encryption key distribution, etc. In the future, when VLAN (virtual LAN) technology is expected to become a top choice for (enterprise-wide) intranets, the use of network-level encryption will become very important. It may be just as important as when a company is 'forced' to use the Internet as the route for sending sensitive information between the head office and branches in other parts of the world.

Kerberos and the TIS-FWTK authentication server
Kerberos is one of the products of Project Athena, a collaboration between MIT, IBM and DEC. Kerberos was designed to support authentication and encryption of data in a distributed environment through modification of standard clients or servers. Some operating system vendors have included Kerberos in their products. MIT itself provides a free version of Unix that has been extensively 'Kerberized'. For porting to operating systems or client-server software that does not yet support Kerberos, MIT also provides its source code, also free. Project Athena itself implemented Kerberos in many applications such as NFS, rlogin, email and the password system. Secure RPC (Sun Microsystems) also implements the same thing.

There are several things to consider when implementing Kerberos. Modifying the client and server software restricts the choice of applications. Unfortunately, there is also no alternative method to substitute for source-code modification (as with a proxy, which allows a custom user procedure or custom client software). Finally, most people also agree that "Kerberos is relatively difficult to implement/manage".

Another authentication package offered by TIS-FWTK is the authentication server. This server is designed to be modular and flexible, supporting many popular authentication mechanisms such as the standard reusable password system, S/Key, SecurID cards from Security Dynamics (a time-stamp system), Digital Pathways' SNK-004 card (a CR system), and easy integration of new mechanisms. Returning to the discussion at the beginning of this article, if our primary interest is how to prepare the 'defense' for non-anonymous inbound services, the authentication server is perhaps a solution worthy of consideration. Why? How does this system work? There is not much space in this article for the whole discussion of authentication, but the illustration below gives a brief picture, for those interested in network security, of the authentication server in question.

Source : http://radensomad.com/security-dan-keamanan-jaringan-komputer-dan-internet.html
