Encryption and Security
Essay by review • November 25, 2010 • Essay • 2,508 Words (11 Pages) • 1,159 Views
NTC410
By: John Anderson
Security is a constant issue in the information technology industry today. It has always been an issue, but in light of events such as 9/11 and corporate scandals such as Enron, people have begun to take it much more seriously. There are several different types of security out there, but there are new threats to that security every day.
File security refers to permissions that can be set on a user or group basis for individual files and folders. The general permissions that can be set on a file or folder level within Windows are read, write, list folder contents, read and execute, modify, and full control. These rights can be much more granular if you use the advanced settings to set them. By configuring file permissions you can limit the access that users have to those files or folders. File and folder permissions can also be set through the share permissions on a network. The permissions that can be set on a share are read, change, and full control. This is not as granular as local file security, but you can combine the two together to make security even tighter.
The following is an example of how file security can be used. Assume that you get a call from Patrick, your Accounting department manager. Patrick has been working on several spreadsheets that are stored on a server in your domain, and is concerned that employees who should not access these files may be able to open and edit the files. The files are in a folder named D:\Clients on the server, and the folder is shared as Clients. The share permissions on the Clients share for Domain Users members are set to Full Control. Patrick wants to allow the members of the Accountants group to edit the files and add new files, and the members of the Sales group to be able to read the files but not edit them. Patrick should be the only person who can make any changes to the permissions, and no one else should have any access to the files. By configuring the correct share level security on this folder, Patrick can give the Accountants group and the Sales group the necessary access to these files and not have to worry about someone having too much access again.
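The Clients share scenario above can be checked with a small model. This is an added example, not part of the original essay: the user names and the NTFS permissions on D:\Clients are assumptions, Deny entries are not modelled, and share "change" and NTFS "modify" are treated as one level.

```python
# Simplified ranking; share "change" and NTFS "modify" are treated as one level.
LEVEL = {"none": 0, "read": 1, "change": 2, "full": 3}

def granted(acl, principals):
    """Highest level that any of the user's principals receives from one ACL."""
    return max((LEVEL[acl[p]] for p in principals if p in acl), default=0)

def effective(share_acl, ntfs_acl, principals):
    """Over the network, the more restrictive of share and NTFS access applies."""
    rank = min(granted(share_acl, principals), granted(ntfs_acl, principals))
    return next(name for name, value in LEVEL.items() if value == rank)

# Constructed accounts: each set lists the user plus the groups they belong to.
USERS = {
    "patrick": {"Patrick", "Accountants", "Domain Users"},
    "alice":   {"Accountants", "Domain Users"},
    "sam":     {"Sales", "Domain Users"},
    "helen":   {"Domain Users"},   # neither Accountants nor Sales
}

SHARE_BEFORE = {"Domain Users": "full"}   # the setting Patrick is worried about
SHARE_AFTER = {"Patrick": "full", "Accountants": "change", "Sales": "read"}

NTFS_OPEN = {"Domain Users": "full"}      # assumed; the essay does not state it
NTFS_TIGHT = {"Patrick": "full", "Accountants": "change", "Sales": "read"}

def audit(share_acl, ntfs_acl=NTFS_OPEN):
    """Effective network access for every constructed user."""
    return {user: effective(share_acl, ntfs_acl, principals)
            for user, principals in USERS.items()}

if __name__ == "__main__":
    print("before:        ", audit(SHARE_BEFORE))
    print("share fixed:   ", audit(SHARE_AFTER))
    # Combining both layers: a share left wide open is still capped by NTFS.
    print("NTFS tightened:", audit(SHARE_BEFORE, NTFS_TIGHT))
```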
A firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. A firewall can be software or it can be a hardware device. Generally speaking, firewalls provide security measures on the perimeter of the network, or at every place where the Internet comes in. Information coming into and leaving the network passes through the firewall, where it can be "scanned" to determine whether it is safe.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
* Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
* Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
* Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics; incoming information is then compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
As an example of how a firewall might work, if someone on the inside of the network tries to download something using the FTP protocol but the access control lists on the firewall deny traffic on ports 20 and 21, the user will not be able to perform the download. Similarly, if someone on the outside of the network tries to connect to the network through a VPN but the firewall has blocked port 1723, the VPN connection cannot be made. Firewalls also have the ability to control where different types of traffic are sent on the network. For example, if I host a web server on my internal network using IP address 192.168.1.10 and I want to allow people to access it from the outside, I can configure my firewall to forward all traffic coming in on port 80 (HTTP) to the internal IP address of my server. I can also configure my firewall to perform network address translation (NAT), which allows me to use private IP addressing on my internal network and still access the Internet using the public IP address configured on the external side of the firewall. Firewalls can be used in several different ways to help increase security on your network, whether at home or at work.
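The rules described above (FTP denied outbound, port 1723 denied inbound, port 80 forwarded to 192.168.1.10, NAT with a state table) can be modelled in a few lines. This is an added example, not part of the original essay; the public address, the remote addresses and the port numbers other than 20, 21, 80 and 1723 are constructed values from documentation ranges.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"               # assumed external address of the firewall
BLOCKED_OUT = {20, 21}                  # FTP data/control, denied outbound
BLOCKED_IN = {1723}                     # VPN port named in the text, denied inbound
FORWARDS = {80: ("192.168.1.10", 80)}   # port forward to the internal web server

@dataclass
class Firewall:
    # State table: (remote_ip, remote_port, public_port) -> (inside_ip, inside_port)
    state: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection to the Internet."""
        if dst_port in BLOCKED_OUT:
            return ("drop", "outbound port blocked")
        public_port = self.next_port
        self.next_port += 1
        # NAT: remember which private host owns this translated flow.
        self.state[(dst_ip, dst_port, public_port)] = (src_ip, src_port)
        return ("allow", (PUBLIC_IP, public_port, dst_ip, dst_port))

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives on the public interface."""
        if dst_port in BLOCKED_IN:
            return ("drop", "inbound port blocked")
        key = (src_ip, src_port, dst_port)
        if key in self.state:            # reply to a flow started from inside
            return ("allow", self.state[key])
        if dst_port in FORWARDS:         # published service
            return ("allow", FORWARDS[dst_port])
        return ("drop", "no matching state or forward")

def demo():
    """Run the scenarios from the text against one firewall instance."""
    fw = Firewall()
    return {
        "ftp_out": fw.outbound("192.168.1.50", 51000, "198.51.100.7", 21),
        "web_out": fw.outbound("192.168.1.50", 51001, "198.51.100.7", 443),
        "web_reply": fw.inbound("198.51.100.7", 443, 40000),
        "unsolicited": fw.inbound("198.51.100.99", 443, 40000),
        "vpn_in": fw.inbound("198.51.100.8", 40123, 1723),
        "http_in": fw.inbound("198.51.100.8", 40124, 80),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```

The "unsolicited" case targets the same public port as the legitimate reply but comes from a host the inside client never contacted, so the state lookup fails and the packet is dropped.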
When it comes to security, one of the options that must always be considered and is often used is encryption. Encryption is the conversion of data into a form, called a ciphertext, which cannot be easily understood by unauthorized people. A key is used to "lock" and "unlock" the ciphertext. The locking and unlocking is referred to as encrypting and decrypting respectively. There are two different types of encryption that can be used: symmetric and asymmetric.
In symmetric encryption, the same key is used to both encrypt and decrypt the data. There are two types of symmetric ciphers that can be used: block ciphers and stream ciphers. Although stream ciphers are faster and smaller to implement, block ciphers are generally preferred because of an important security gap in the stream cipher: if the same key stream is used, certain types of attacks may cause the information to be revealed.
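The key stream problem mentioned above can be seen directly: when two messages are XORed with the same key stream, the key stream cancels out of the two ciphertexts. This is an added example, not part of the original essay; the toy SHA-256 counter key stream, the key, the nonces and the messages are all constructed for illustration and are not a production cipher.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy key stream: SHA-256(key || nonce || counter) blocks. Illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: plaintext XOR key stream (decryption is the same call)."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

KEY = b"constructed-demo-key"           # constructed sample key
P1 = b"Invoice 1041: pay 250.00"        # constructed sample messages
P2 = b"Invoice 1042: pay 975.50"

def reused_keystream():
    """Same key and nonce for both messages, so the key stream is identical."""
    c1 = encrypt(KEY, b"n0", P1)
    c2 = encrypt(KEY, b"n0", P2)
    cancels = xor(c1, c2) == xor(P1, P2)     # key stream has dropped out
    recovered = xor(xor(c1, c2), P1)         # one known message exposes the other
    return cancels, recovered

def fresh_nonce():
    """A different nonce per message yields unrelated key streams."""
    c1 = encrypt(KEY, b"n0", P1)
    c2 = encrypt(KEY, b"n1", P2)
    return xor(c1, c2) != xor(P1, P2)

if __name__ == "__main__":
    print("reuse:", reused_keystream())
    print("fresh nonce keeps the relation hidden:", fresh_nonce())
```

The mitigation is the one shown in `fresh_nonce`: never encrypt two messages under the same key stream, which in practice means a unique nonce or IV for every message under a given key.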
Block ciphers encrypt the data in fixed-size blocks of information. The most common types of block ciphers used are Triple DES and the Advanced Encryption Standard (AES). Triple DES uses a 64-bit key consisting of 56 effective key bits and 8 parity bits. The block size for Triple DES is 8 bytes, so it encrypts the data in 8-byte chunks. AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits. It (or a version of it) has also been adopted as an encryption standard by the U.S. government.
Asymmetric encryption, also known as public key encryption, relies on the use of non-matching keys for encryption and decryption: one key for encryption and the other for decryption. A public key is used to encrypt data before it is passed along. On the receiving end, a private key must be used to perform the decryption. Common types of asymmetric encryption include RSA, DSA,
...
...