CE80N Introduction to Networks & The Internet. Dr. Chane L. Fullmer UCSC Winter 2002. Class Information. Web page tutorial available on-line Web page submission: Email to venkat@cse.ucsc.edu Subject: cmpe080n-assgn4 Must be emailed on or before March 15
CE80N Introduction to Networks & The Internet. Dr. Chane L. Fullmer, UCSC, Winter 2002
Class Information
• Web page tutorial available on-line
• Web page submission:
• Email to venkat@cse.ucsc.edu
• Subject: cmpe080n-assgn4
• Must be emailed on or before March 15
• No extensions can be granted – don’t be late
• Final Exam
• Last class session
• March 14, 2002
• Similar to midterm – open notes/open book
CE80N -- Lecture #18

Next week
• Tuesday
• Review session
• Thursday
• Final Exam
• Open book, open notes
• Bring a pencil…

Personal Web Pages of the Day
A few brave souls…. Presenting:
• Maria Fragoso
• http://people.ucsc.edu/~chenita
• Leonard Garcia Rhone
• http://unicron.freeservers.com
• Chris Webster
• http://people.ucsc.edu/~destroid/multimedia/website/index.html
The Internet Is Unsecure
• Many networks are “shared”, meaning multiple computers are attached to the same segment.
• Lacking in security
• The only truly secure computer is one not connected to a network
• Eavesdropping on other customers
• Shared bandwidth (cable modem)
• 100s of computers connected on one broadband cable segment
• Basic system tools allow snooping of traffic on the same LAN segment
• tcpdump (Unix), many others

Lack of Security Can Be Important
• Lack of security can pose a serious risk to you and yours….
• Interested third parties can “snoop” your messages
• Confidential memos
• Sensitive business information
• Financial transactions
• Your credit card or PIN numbers
• The US Govt (NSA) reads your email
• Electronically scanned looking for buzzwords or “hot topics” of the day.

Authentication And Privacy Are Primary Problems
• The authentication problem is:
• Verifying the identity of the communicating party
• The privacy problem is:
• Keeping data across the Internet confidential
• A message is private if only the sender and intended recipient can read it

Data May Be Changed
• Data passes through the Internet
• Intentional changing of data is a potential risk
• Modifying a shipping address, etc.
• Guaranteeing data remains unchanged can be done through some Internet technologies (secure sockets)
Encoding Keeps Messages Private
• Before sending a message, software on the sending computer:
• Encrypts the contents of the message
• Note: Encryption can significantly increase the size of a message
• When receiving a message, software on the receiving computer:
• Decrypts the message

Computer Encryption Uses Mathematics
• Human encryption is too easy to decode.
• The Internet uses sophisticated encryption.
• The process of encoding a message with a secret code is called encryption
• The process of decoding an encrypted message is called decryption

No Network Is Absolutely Secure
• Encryption cannot guarantee privacy.
• The idea behind modern encryption is to make it so difficult to decode that a very high speed computer would take years to decrypt the message (without the key)
• 128-bit keys are common in the US
• US laws limit distribution of strong encryption software outside the US

Encryption Makes E-mail Private
Figure 29.1: Encryption software ensures that the contents of an e-mail message remain private. Only the encrypted version passes across the Internet.

Encryption Software Needs A Key
• Each user is assigned a key that only “unlocks” messages encrypted for the user.
• Without the key, no one can decrypt messages for the user.
Two Keys Means Never Having To Trust Anyone
• Key pairs are used
• One key is public and posted at large
• One key is private – never given out
• Called Public Key (PK) Encryption
• One key is to encrypt messages.
• Use the public key to encrypt
• Public key cannot be used to decrypt the message
• The other key is to decrypt messages
• Use the private key

Two Keys Means Never Having To Trust Anyone
• Businesses keep the private key private and share the public key with customers.
• Using the public key, anyone can send confidential messages
• Decrypting can be done only with the private key.

Figure 29.2: An illustration of the keys used when two individuals exchange confidential communication. Messages sent across the Internet between the two computers are always encrypted, but the key used for encryption depends on the destination.
Secure E-Mail In Practice
• No single encryption technology has emerged as the universal standard.
• Allowing backward compatibility
• Secure Multipurpose Internet Mail Extensions (S/MIME)
• Not allowing backward compatibility
• Pretty Good Privacy (PGP) (from MIT)

Summary
• Networks in general, and especially the Internet, are not absolutely secure
• Messages can be “snooped” or even modified as they traverse the network
• Public Key Encryption is the fundamental technology used to provide security in the Internet
• Public/private key pairs are used

Glossary
• Cable modem
• A device that allows Internet service to be provided over the same coaxial cable wiring used for cable television.
• Encryption
• The process of encoding a message to keep it confidential.

Glossary
• Unsecure
• A computer or a network in which information is not protected against being copied or changed.
E-Commerce Is Big Business
• The term electronic commerce (e-commerce) refers to all commercial transactions conducted over the Internet.
• Experienced phenomenal growth from its inception in 1993
• May include:
• Banking
• Sending orders
• Investing

Security Made E-Commerce Possible
• The most common form of e-commerce transaction consists of a retail purchase from a catalog.
• Provides a way for user to:
• Purchase the item
• Manipulate a shopping cart
• Select a payment method
• Consumers would not have confidence in the process without security of their data (credit card and personal info)

Secure Sockets
• A browser keeps messages private by using encryption technology.
• Sends information over the Internet to the server.
• Handles the details of the encryption process for the user (or posts an alert when you are about to send unsecured data)
• Encrypts the message before sending it
• Uses the Secure Socket Layer (SSL) (Netscape)
Public Key Encryption Provides Authenticity
• Public key encryption is surprisingly general.
• Use unique private/public key pairs
• Guarantees confidential messages
• Can be used to verify authenticity
• Uses a reverse process
• Originator encrypts with private key
• Receiver uses the public key to decrypt the message and verify the sender
• Called a Digital Signature

Digital Signatures
• Encryption technology guarantees that a digital signature cannot be forged.
• Created by encrypting with the sender’s private key, decrypted with the public key
• It is not merely a scanned version of a conventional signature (i.e., a digitized signature), which can be forged.
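
The key-pair operations from the slides "Two Keys Means Never Having To Trust Anyone" and "Digital Signatures", as an added example that is not part of the original lecture. It is textbook RSA in Python; the small primes, the messages and the function names are constructed for illustration, and real systems use much larger keys with padding.

```python
import hashlib

# Toy key material (constructed): two Mersenne primes give a ~150-bit modulus.
# Far too small for real use; real RSA uses 2048+ bit keys with OAEP/PSS padding.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent (needs Python 3.8+)
    return (e, n), (d, n)            # (public key, private key)

def encrypt(public_key, plaintext: bytes) -> int:
    """Anyone holding the public key can encrypt for the key's owner."""
    e, n = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(key, ciphertext: int) -> bytes:
    """Recovers the plaintext only when `key` is the matching private key."""
    exponent, n = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    """The reverse process: the originator applies the private key to a hash."""
    d, n = private_key
    return pow(digest(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """The receiver applies the public key and compares with its own hash."""
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)

if __name__ == "__main__":
    public, private = make_keypair()
    c = encrypt(public, b"PIN 4921")
    print(decrypt(private, c), decrypt(public, c) == b"PIN 4921")
    order = b"ship to: 1156 High St"
    sig = sign(private, order)
    print(verify(public, order, sig), verify(public, b"ship to: 99 Elm St", sig))
```

The last line shows the integrity property from "Data May Be Changed": a signature made over one shipping address does not verify once the address is altered.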
Certificates Contain Public Keys
• Trusted companies register public keys and communicate them as needed.
• Provides browser with public key
• Called a digital certificate
• Uses encryption to guarantee security and authenticity of the digital certificate

What Is Digital Money?
• Digital cash should be the equivalent of the cash people carry with them to make small purchases.
• Could be in the form of a debit card
• Allows user to replenish the amount available

Digital Cash Is Not Widely Available
• Several steps are required to make digital cash operate.
• Not possible for a bank to transfer real money to an electronic wallet – creates an encrypted message to store on the user’s computer
• Merchant must obtain authorization from user
• Best suited for small purchases
• Operating the Digital Cash system is costly
• With small transactions, it offers a reduced profit margin for the money changers
• CAVEAT: Digital Cash is not anonymous like real cash. Your spending can be (is) closely tracked.

Business And E-Commerce
• How does e-commerce affect business?
• Affected by two aspects of a company
• External
• Business-to-business communication (B2B)
• Internal
• Reports for summarization
• Sales
• Delivery
• Items on hand
• Information can be gathered from branch offices via the Internet
A Business Must Protect Its Networks
• The final item a business needs for e-commerce is protection against malicious attack.
• Hackers:
• Break into computers
• Steal or change information
• A business must take precautions to mitigate intrusions to their systems

Firewalls Protect Networks
• The most widely used mechanism to protect private networks from outside attack is known as an Internet firewall.
• Similar to a router/bridge
• Sniffs packets that come across it
• Rejects (filters out) packets for unauthorized TCP/UDP ports (i.e., ftp, telnet, etc.)

Firewall Example
Figure 30.1: Illustration of a firewall that protects a company’s internal networks and computers from outside attack.

A Firewall Filters Packets
• A firewall prevents accidental access.
• Prevents outsiders from accessing files
• Protects against all access to unknown services
• Generates reports showing unauthorized attempts filtered out by the firewall

Firewalls Guard Against Trojan Horses
• Firewalls protect the company from inside the company as well.
• Eliminates vulnerability to a Trojan horse attack
• Malicious programs can arrive in email.
• Once launched inside the firewall perimeter, such a program can transfer information out, breaching security.
• Firewalls can filter traffic flowing in both directions – in and out.
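
The filtering described on the firewall slides, as an added example that is not part of the original lecture: a default-deny check on protocol and destination port in both directions, with a report of what was rejected. The allowed-port policy, addresses and packets are constructed for illustration.

```python
from collections import Counter

# Hypothetical policy: destination ports allowed in each direction.
# Anything not listed (ftp 21, telnet 23, unknown services) is rejected.
ALLOWED = {
    "in":  {("tcp", 80), ("tcp", 443), ("tcp", 25)},   # web and mail servers
    "out": {("tcp", 80), ("tcp", 443), ("udp", 53)},   # browsing and DNS
}

def filter_packets(packets, allowed=ALLOWED):
    """Split packets into (passed, rejected) by direction, protocol and port."""
    passed, rejected = [], []
    for pkt in packets:
        ok = (pkt["proto"], pkt["dport"]) in allowed.get(pkt["dir"], set())
        (passed if ok else rejected).append(pkt)
    return passed, rejected

def report(rejected):
    """Count rejected attempts per (direction, source, protocol, port)."""
    return Counter((p["dir"], p["src"], p["proto"], p["dport"]) for p in rejected)

# Constructed sample traffic (documentation and private address ranges).
SAMPLE = [
    {"dir": "in",  "src": "203.0.113.7",  "proto": "tcp", "dport": 443},
    {"dir": "in",  "src": "203.0.113.9",  "proto": "tcp", "dport": 23},
    {"dir": "in",  "src": "203.0.113.9",  "proto": "tcp", "dport": 23},
    {"dir": "in",  "src": "198.51.100.4", "proto": "tcp", "dport": 21},
    {"dir": "out", "src": "10.0.0.15",    "proto": "udp", "dport": 53},
    # An internal host sending to an unapproved outside port: the outbound
    # case the Trojan horse slide describes.
    {"dir": "out", "src": "10.0.0.22",    "proto": "tcp", "dport": 6667},
]

if __name__ == "__main__":
    passed, rejected = filter_packets(SAMPLE)
    print(len(passed), "passed;", len(rejected), "rejected")
    for key, count in report(rejected).most_common():
        print(count, key)
```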
E-Commerce Summary
• E-commerce is an important and significant use of the Internet
• Security is essential to the success of e-commerce
• Secure Socket Layer (SSL) and Public Key (PK) Encryption are the underlying technologies currently used
• Digital Signatures are specially encrypted messages

E-Commerce Summary
• Digital Cash is an electronic equivalent of cash
• Firewalls filter out unauthorized packets coming into and leaving a network.

Glossary
• Digital Signature
• An encrypted message that authenticates the author of a document.
• Electronic Commerce
• (e-commerce) A general reference to any business conducted over the Internet.

Glossary
• Firewall
• A security mechanism placed between a company and the Internet to protect the company’s computers from attack.
• Key
• A string used to encrypt data to keep it secure.

Glossary
• Private Key
• One of two keys issued to a user for security. A user must keep their private key secret.
• Public Key
• One of two keys issued to a user for security. A user tells everyone their public key.

Glossary
• Secure Socket Layer
• (SSL) A mechanism invented by Netscape, Inc. to provide secure communication between a browser and a server.
• Trojan Horse
• A security attack in which someone inside a company is tricked into running a computer program that sends information from the person’s computer to an outsider.
A Cornucopia Of Services
• The Internet contains many diverse services.
• Browses for information
• Searches for information
• Transfers information
• Purchases goods
• Interacts with others

New Services Appear Regularly
• The Internet is still changing.
• Developing new ways for information:
• Storage
• Communication
• Reference
• Access

Flexibility Permits Change
• The basic communication technology used in the Internet is flexible.
• Today it supports computers and services not imagined at its beginning

A Digital Library
• A large storehouse of digital information is accessible through computers.
• Includes many forms of information:
• Text
• Graphics
• Conversations
• Sound
• Still and moving pictures

Card Catalogs And Search Tools
• Digital libraries contain many index mechanisms.
• Provides services to search for information (web search engines)
• Information can be located in several ways.

Internet Services Can Be Integrated
• Search mechanisms in a digital library can be combined.
• Integrating these mechanisms forms a cross-reference between services
• Example: Web browsers
• Combine ftp, email, audio/video display, etc.
• Improves the service
• ftp in a web browser is visual, point-and-click; no commands to enter.
• Browser-based email and news are also visual, point-and-click. Much easier to use

Mr. Dewey, Where Are You?
• There is little uniformity of the information available on the Internet.
• No standard for information organization
• Everyone does things in their own way, independently of one another
• You are on your own