topic 8 section 3

  1. 4 types of security
    • encryption
    • authentication
    • firewalls
    • seals of assurance
  2. encryption
    transforms messages into an unreadable format until themessage is decoded.
  3. encryption methods can use either a
    single key (known to both the sender and the receiver of the message) ora dual key method
  4. single key method
    involves a password. sender encrypts the message using a password and then sends the message to the receiver (who needs to know password in order to get software to decode message)
  5. duel key method (i.e. public key encryption)
    doesn't require a password to be sent to the receiver of the message. instead uses two keys: public key used by the send to encrypt message and a private key used by receiver to decode the message. Public key is available for everyone to use but private kept secret
  6. authentication: digital signatures
    used to authenticate messages. Sender uses private key to create the digital signature, which includes an encrypted unique number called a "digest" based on the contents of the original message . Use public key to make sure it came from the send and hasn't been tampered with
  7. Firewalls (2)
    • -system used to insulate an organization's intranet from the internet. used to authenticate an outside user of the network, verify his or her level of access authority and then direct the user to the program.
    • -Also protect LANS from unauthorized internal acess
  8. two types of firewalls
    network file wall

    application-level firewall:
  9. network level firewall
    provides basic screening of low security messages (email) and routes them to their destinations based on the source/destination addresses attached
  10. application level firewall
    provides high quality level network security. Configure to run security applications called proxies

    proxies: perform sophisticated functions (i.e. authentication)
  11. seals of assurance
    evidences that web-based business is trustworthy
  12. SIX trusted 3rd party organizations companies
    • Better Business Beureau (nonprofit)
    • TRUSTe
    • VERI-sign INC.
    • International Computer association
    • WebTrust
    • sysTRUST
Card Set
topic 8 section 3
topic 8 section 3 security