Chapter 11 of Business Data Communications and Networking covers network security, which includes a variety of topics from types of security threats, network controls, risk assessment, encryption, and user authentication. The following are a number of selected key terms that describe important vocabulary related to network security found throughout the chapter.
Key Terms |
|
|---|---|
| Term | Description |
| asset authentication | The process of ensuring that assets have not been altered, damaged, or removed in any way. |
| availability | Providing continuous operation of the organization's hardware and software so that staff, customers, and suppliers can be assured of no interruptions in service. |
| confidentiality | Refers to the protection of organizational data from unauthorized disclosure of customer and proprietary data. |
| integrity | The assurance that data have not been altered or destroyed. |
| risk | Threats to the systems and/or networks which can be identified by risk assessment frameworks such as OCTAVE, COBIT, or NIST |
| biometric system | A security measure in high-security application that requires a user to present something he or she is, such as a finger, hand, or retina of the eye for scanning by the system. These systems scan the user to ensure that they are the sole individual authorized to access the network account. |
| brute-force attack | An attempt to break a key via trying every possible combination of that key within its keyspace. The larger the keyspace, the more difficult the key is to crack. |
| denial-of-service (DoS) attack | Attack in which an attacker attempts to disrupt the network by flooding it with messages so that the network cannot process messages from normal users. |
| IP spoofing | The process of changing the source IP address on packets sent to mask their true origin |
| business continuity | Refers primarily to ensuring availability, with some aspects of data integrity. It means that the organization's data and applications will continue to operate even in the face of these 3 main threats:
|
| disaster recovery | A method of correcting problems from disaster that involves a disaster recovery plan, which addresses various levels of response to a number of possible disasters and should provide for partial or complete recovery of all data, application, software, network components, and physical facilities. |
| packet-level firewall | A type of firewall that examines the source and destination address of every network packet that passes through it, and only allows packets into or out of the organization's network that have acceptable source and destination addresses. It does not examine packet contents or why they are being transmitted, and typically does not log the packets for analysis, making it the simplest and least secure type of firewall. |
| cryptography | A means of disguising information by use of mathematical rules known as algorithms. The process of disgusing this information is known as encryption, and decryption is the process of restoring it to a readable form. |
| symmetric | A type of encryption in which the key used to encrypt a message is the same as the one used to decrypt it. Symmetric encryption is also known as 'single-key encryption'. |
| key | A part of encryption which personalizes the algorithm by making the transformation of data unique. Two pieces of identical information encrypted with the same algorithm but different keys will produced completely different ciphertexts. |
| key management | A system of keeping keys used for symmetric encryption recorded, but secure so that they cannot be stolen. |
| asymmetric encryption | A type of encryption in which the key used to decrypt a message is different from the key used to encrypt it. Asymmetric encryption is also known as 'public key encyrption'. |
| RSA | The most popular form of asymmetric encryption whose technique forms the basis for today's public key infrastructure (PKI). It was invented at MIT in 1977. |
| public & private key | The two keys involved in asymmetric encryption. One key, the public key, is used to encrypt the message. A second, different key, the private key, is used to decrypt the message. Keys are often 512, 1024, or 2048 bits in lenght. |
| public key infrastructure (PKI) | A set of hardware, software, organizations, and policies designed to make public key encryption work on the Internet. It begins with a certificate authority, or CA. |
| certificate authority (CA) | A trusted organization that can vouch for the authenticity of the person or organization using authentication |
| symmetric encryption | A type of encryption in which the key used to encrypt a message is the same as the one used to decrypt it. Symmetric encryption is also known as 'single-key encryption'. |
| Data Encryption Standard (DES) | A symmetric encryption technique developed by the U.S. government in conjunction with IBM in the mid-1970s. It uses a 56-bit key which is easily cracked, and is no longer recommended for data needing high security. |
| triple DES (3DES) | The newer standard of DES that is more secure. It utilizes a 168-bit key, using DES three times, usually with three different keys. |
| Advanced Encryption Standard (AES) | NIST's new standard of encryption which has key sizes of 128, 192, and 256 bits. |
| Kerberos | One of the most commonly used authentication protocols used in central authentication. It was developed at MIT. |
| Secure Sockets Layer (SSL) | An encryption protocol that operates between the application layer software and the transport layer. It encrypts outbound packets coming out of the application layer before they reach the transport layer and decrypts inbound packets combing out of the transport layer before they reach the application layer. SSL tends to be focused for use with web applications. |
| IP Security Protocol (IPSec) | An encryption protocol that is focused for use with a wider variety of application layer protocols. IPSec sits between IP and the network layer and TCP/UDP at the transport layer. It can operate ineither transport or tunnel mode for VPNs. |
| IPSec tunnel mode | A mode in which IPSec encrypts the entire IP packet and must therefore add an entirely new IP packet that contains the encrypted packet as well as the IPSec AH (Authentication Header) or ESP (Encapsulating Security Payload) packets. |