Security and Open Systems Interconnect (osi)

Security and Open Systems Interconnect (OSI)

Tony

NTC/410, Network and Telecommunications Concepts II

Mr. Li

July 9, 2005

Security and Open Systems Interconnect (OSI)

Security to networks and data has been a concern since the introduction of the Personal Computer (PC) in the work place. There always seems to be someone who wants gain unauthorized access. Below are a few areas that an administrator can look into to help secure their system.

File Security and Firewalls

File Security is keeping unauthorized access to your data. Encryption and password security is normally the best way to keep your data in the correct hands. Another way is install a firewall. A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both and are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. There are several types of firewall techniques:

* Packet Filter: Packet filtering looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

* Application Gateway: Application gateway applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can cause performance degradation.

* Circuit-Level Gateway: This applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

* Proxy Server: This intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

In practice, many firewalls use two or more of these techniques in concert.

A firewall is considered a first line of defense in file and network security. For greater security, data should be encrypted. (www.webopedia.com)

Symmetric and asymmetric encryption

Symmetric encryption is a type of encryption where the same key is used to encrypt and decrypt the message. This differs from asymmetric encryption, which uses one key to encrypt a message and another to decrypt the message. These two keys are a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.

An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key. (www.webopedia.com)

Secret and private key

In cryptography, a private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages. In traditional secret key cryptography, a key would be shared by the communicators so that each could encrypt and decrypt messages. The risk in this system is that if either party loses the key or it is stolen, the system is broken. A more recent alternative is to use a combination of public and private keys. (www.webopedia.com)

Digital certificate and PKI

A Digital Certificate is an attachment to an electronic message used for security purposes. The purpose is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the Internet.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

PKI is the most widely used standard for digital certificates.Short for public key infrastructure, it is a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. PKIs are currently evolving and there is no single PKI nor even a single agreed-upon standard for setting up a PKI. However, nearly everyone agrees that reliable PKIs are necessary before electronic commerce can become widespread. (www.webopedia.com)

OSI Model

Short for Open System Interconnection, (pronounced as separate letters), is an ISO standard for worldwide communications that defines a networking framework for implementing protocols in several layers. Control is passed from one layer to the next, starting at the application layer in one station, and proceeding to the bottom layer, over the channel to the next station and back up the hierarchy.

At one time, most vendors agreed to support OSI in one form or another, but OSI was too loosely defined and proprietary standards were too entrenched. Most of the functionality in the OSI model exists in all communications systems, although two or three OSI layers may be incorporated into one. (www.webopedia.com)

The OSI, layers:

OSI Layer Description

Application

(Layer 7) This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the

...