Encryption is the process of transforming a readable message (plaintext) into unreadable ciphertext that can only be turned back into the message by someone holding the right key. It not only provides confidentiality for communication, but also underpins many other security mechanisms.
Cryptographic mechanisms are of three types, shown as follows:
- Symmetric key mechanism
The same secret key is used for both encryption and decryption. A pair of users shares one key to exchange messages, and both of them must keep that key private. Examples include Data Encryption Standard (DES) and Triple DES (3DES); note that DES's 56-bit key can be brute-forced and 3DES is deprecated, so new designs should use AES.
- Public key mechanism
Two different keys separate the process of encryption from that of decryption. One, the private key, must be kept secret; the other, the public key, can be distributed openly. Examples include Diffie-Hellman (DH), which is a key agreement protocol, and Rivest, Shamir, Adleman (RSA).
- Hash
A hash function maps a message of any length to a fixed-length code, called the hash or message digest; it is one-way and uses no key. Examples include Message Digest 5 (MD5) and Secure Hash Algorithm (SHA). MD5 and SHA-1 are no longer collision resistant and should not be relied on for signatures or integrity protection; use SHA-2 or SHA-3.
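The three mechanisms side by side, as an added example that is not part of the original page: a hash that gives a fixed-length digest for any input, a symmetric mechanism where both ends must hold the same key, and a public-key mechanism (Diffie-Hellman key agreement) where only the public values cross the network. It uses only the Python standard library, which has no block cipher, so the shared-key property is shown with HMAC-SHA256 (a keyed integrity check) rather than an encryption algorithm; the DH group is the 2048-bit MODP group 14 from RFC 3526, and hashing the raw shared secret with SHA-256 stands in for a proper key derivation function.

```python
import hashlib
import hmac
import secrets

# ---- Hash: any-length input -> fixed-length digest, no key involved ----
def message_digest(data: bytes, algorithm: str = "sha256") -> bytes:
    """Digest of `data`. MD5 and SHA-1 still exist in hashlib but are broken
    for collision resistance; SHA-256 is the sensible default."""
    return hashlib.new(algorithm, data).digest()

# ---- Symmetric-key mechanism: one shared secret held by both ends ----
# HMAC-SHA256 stands in for a cipher here: the tag can only be produced and
# checked by a party holding the same key.
def symmetric_tag(shared_key: bytes, message: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()

def symmetric_verify(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids a timing side channel on the comparison.
    return hmac.compare_digest(symmetric_tag(shared_key, message), tag)

# ---- Public-key mechanism: Diffie-Hellman key agreement ----
# 2048-bit MODP group 14 (RFC 3526): prime DH_P, generator 2.
DH_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
DH_G = 2

def dh_generate_keypair() -> tuple:
    """Return (private exponent, public value). The private exponent never
    leaves its owner; the public value can be sent in the clear."""
    private = secrets.randbits(256) | (1 << 255)   # 256-bit exponent, never tiny
    public = pow(DH_G, private, DH_P)
    return private, public

def dh_shared_key(private: int, peer_public: int) -> bytes:
    """Combine our private exponent with the peer's public value."""
    if not 2 <= peer_public <= DH_P - 2:
        raise ValueError("peer public value out of range (0, 1 and p-1 are invalid)")
    shared_secret = pow(peer_public, private, DH_P)
    # Simplified KDF (assumption for this example): hash the raw secret
    # into a fixed-size key. Real protocols use HKDF or the IKE PRF.
    return hashlib.sha256(shared_secret.to_bytes(256, "big")).digest()

def dh_exchange() -> tuple:
    """Both sides of the exchange; returns the key each side derived."""
    a_priv, a_pub = dh_generate_keypair()   # side A
    b_priv, b_pub = dh_generate_keypair()   # side B
    # Over the network: A sends a_pub to B, B sends b_pub to A.
    key_at_a = dh_shared_key(a_priv, b_pub)
    key_at_b = dh_shared_key(b_priv, a_pub)
    return key_at_a, key_at_b
```

`dh_exchange()` returns two equal 32-byte keys even though neither private exponent was transmitted; an observer who saw only `a_pub` and `b_pub` would have to solve the discrete logarithm in the 2048-bit group to obtain them.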
Cryptography is applied in the following mechanisms:
Authentication
Authentication verifies the identity claimed by a user before that user is allowed onto the network or granted services.
Authentication can be performed locally by each device on the network, or centrally through a dedicated authentication server. The latter offers better flexibility, control and scalability.
In today's hybrid network environments, Remote Authentication Dial-In User Service (RADIUS), an open standard, is widely used to provide the authentication service. Note that RADIUS's own protection of the User-Password attribute is weak by modern standards (MD5 keyed with a shared secret), so RADIUS traffic should be confined to a trusted management network or carried over IPsec or TLS (RadSec).
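The exchange between a network access device and a dedicated authentication server, as an added example that is not part of the original page: a RADIUS Access-Request is built with the User-Password hidden as RFC 2865 specifies (MD5 of the shared secret and Request Authenticator XORed over 16-byte blocks), the server recovers and checks the password against its user database, and the client verifies the Response Authenticator before trusting the Accept or Reject. The shared secret, user names, passwords and NAS address are constructed for this example; only the three attributes shown are encoded.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4

def _attr(attr_type: int, value: bytes) -> bytes:
    # Attribute = Type(1) | Length(1, covers type+length+value) | Value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a 16-byte multiple, XOR the first block with
    MD5(secret + RequestAuthenticator), each later block with MD5(secret + previous
    ciphertext block)."""
    if not 0 < len(password) <= 128:
        raise ValueError("RADIUS passwords are 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side of hide_password. Trailing NUL padding is stripped, so this
    example assumes passwords do not themselves end in NUL bytes."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, nas_ip: str, request_auth: bytes = None) -> bytes:
    """Client (NAS) side: Code(1) | Identifier(1) | Length(2) | Authenticator(16) | Attributes."""
    if request_auth is None:
        request_auth = os.urandom(16)   # must be unpredictable and unique per request
    attrs = (_attr(ATTR_USER_NAME, username)
             + _attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
             + _attr(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs

def parse_attributes(packet: bytes) -> dict:
    attrs, i = {}, 20
    while i < len(packet):
        attr_type, length = packet[i], packet[i + 1]
        if length < 2 or i + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[i + 2:i + length]
        i += length
    return attrs

def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    identifier, request_auth = request[1], request[4:20]
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs

def server_handle(request: bytes, secret: bytes, user_db: dict) -> tuple:
    """Dedicated authentication server: check the credentials, answer Accept/Reject."""
    attrs = parse_attributes(request)
    username = attrs.get(ATTR_USER_NAME)
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request[4:20])
    ok = username in user_db and hmac.compare_digest(user_db[username], password)
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return code, build_response(code, request, secret)

def response_is_authentic(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client side: a forged or tampered reply fails this check, so the NAS must
    verify it before acting on an Accept."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```

The weakness noted in the text is visible in `hide_password`: the keystream depends only on the shared secret and a 16-byte value sent in the clear, so anyone who can capture traffic and guess the secret offline recovers every password, which is why the transport itself needs protecting.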
Access Control
Access control is authorization enforced after authentication: it decides what an authenticated user may do. It is generally divided into two types:
- Access control based on an operating system
It authorizes a user to access resources on a particular computer. Access control policies can be set based on user ID, group membership or rules.
- Access control based on the network
It authorizes a legitimate user to access the network. Its mechanism is considerably more complex than access control based on an operating system. Usually the access control component is placed at intermediate points (such as a firewall) between the requester and the destination, where it permits or denies traffic according to policy; anything the policy does not explicitly permit should be denied.
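Network-based access control as enforced at an intermediate point, as an added example that is not part of the original page: a first-match packet filter policy in the style of a firewall access list, with an implicit deny for anything no rule permits. The addresses, ports and the two policies (a correct one, and one where a broad permit placed first shadows the SSH restriction) are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple, List

@dataclass(frozen=True)
class Flow:
    """One connection attempt as seen by the filter."""
    src: str
    dst: str
    proto: str      # "tcp", "udp", "icmp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                                  # "permit" or "deny"
    src: str = "0.0.0.0/0"                       # CIDR
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dports: Optional[Tuple[int, int]] = None     # inclusive range, None = any

    def matches(self, flow: Flow) -> bool:
        return (ipaddress.ip_address(flow.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", flow.proto)
                and (self.dports is None or self.dports[0] <= flow.dport <= self.dports[1]))

def first_match(rules: List[Rule], flow: Flow) -> Optional[int]:
    """Index of the first rule that matches, or None."""
    for i, rule in enumerate(rules):
        if rule.matches(flow):
            return i
    return None

def evaluate(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; no match means implicit deny."""
    i = first_match(rules, flow)
    return rules[i].action if i is not None else "deny"

# Constructed policy for a DMZ 192.0.2.0/24 with a web server at 192.0.2.10:
# anyone may reach the web server on 443, only the admin host may SSH into the DMZ,
# and (implicitly) nothing else is allowed.
POLICY = [
    Rule("permit", src="10.1.1.5/32", dst="192.0.2.0/24", proto="tcp", dports=(22, 22)),
    Rule("deny",   dst="192.0.2.0/24", proto="tcp", dports=(22, 22)),   # explicit, for logging
    Rule("permit", dst="192.0.2.10/32", proto="tcp", dports=(443, 443)),
]

# Same intent, wrong order: the broad LAN permit comes first and shadows the
# SSH deny, so every internal host can SSH into the DMZ.
SHADOWED_POLICY = [
    Rule("permit", src="10.0.0.0/8", dst="192.0.2.0/24"),
    Rule("deny",   dst="192.0.2.0/24", proto="tcp", dports=(22, 22)),
    Rule("permit", dst="192.0.2.10/32", proto="tcp", dports=(443, 443)),
]

def shadowed_rules(rules: List[Rule], probes: List[Flow]) -> List[int]:
    """Indices of rules that never fire for any probe flow although an earlier
    rule does; a cheap way to spot ordering mistakes like the one above."""
    hit = {first_match(rules, f) for f in probes}
    return [i for i in range(len(rules)) if i not in hit]
```

`evaluate` never falls through to an implicit permit, and `shadowed_rules` run over a representative set of flows reveals rules that the policy order has made unreachable.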
Security Protocol
Network security protocols play an extremely significant role in network security. The following describes widely used security protocols in terms of the Transmission Control Protocol/Internet Protocol (TCP/IP) layered model:
- Application layer security
It provides end-to-end security from an application on one host to the peer application on another host across the network. Application layer security mechanisms depend on the specific application, so there is no single general-purpose application layer security protocol.
For example, the Secure Shell (SSH) protocol sets up authenticated, encrypted remote login sessions and secure file transfer in place of the cleartext Telnet and FTP services, and can forward other TCP services through its encrypted channel.
- Transport layer security
It provides process-to-process security between processes on the same host or on different hosts. Providing security at the transport layer strengthens Inter-Process Communication (IPC). The procedure includes:
- Authentication of the entities at both ends
- Exchange (or agreement) of the keys used to encrypt the data
For example, Secure Socket Layer (SSL), and its successor Transport Layer Security (TLS), are built on top of a reliable transport service (TCP). All SSL versions and TLS 1.0/1.1 are deprecated; TLS 1.2 or 1.3 should be used.
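What the two steps above mean in configuration, as an added example that is not part of the original page: a weak client context that skips peer authentication beside a hardened one that requires a certificate chaining to a trusted CA, checks the host name, and refuses protocol versions below TLS 1.2; a server context shows the mirror image, including optional client-certificate authentication so that both ends are authenticated. It uses Python's standard `ssl` module; the file names passed as parameters (CA bundle, certificate and key) are placeholders and are only needed when a connection is actually made.

```python
import ssl
from typing import Optional

def weak_client_context() -> ssl.SSLContext:
    """What 'just make it connect' code often ends up with: no peer
    authentication and any protocol version. Shown only for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE       # accept any certificate at all
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_client_context(ca_file: Optional[str] = None,
                            client_cert: Optional[str] = None,
                            client_key: Optional[str] = None) -> ssl.SSLContext:
    """Authenticate the server; optionally let the server authenticate us."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED   # server must present a valid chain
    ctx.check_hostname = True             # and the name must match the host we dial
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # private CA (placeholder path)
    else:
        ctx.load_default_certs()                    # system trust store
    if client_cert:
        # Mutual TLS: our own certificate and key, so the server can verify us too.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx

def hardened_server_context(cert_file: str, key_file: str,
                            client_ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Server side; with client_ca_file set, clients without a certificate
    signed by that CA are rejected during the handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)   # placeholder paths
    if client_ca_file:
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(cafile=client_ca_file)
    return ctx

def client_context_is_acceptable(ctx: ssl.SSLContext) -> bool:
    """The check a code review or a startup self-test should apply."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)
```

Key exchange itself is not configured here: with `minimum_version` at TLS 1.2 the library negotiates an ephemeral (EC)DH exchange per connection, and TLS 1.3 allows nothing else.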
- Network layer security
Security provided at the network layer protects user data automatically even when the upper layers implement no security of their own. Therefore Internet Protocol (IP) security is the foundation of the whole TCP/IP security and the core of Internet security.
At present the most significant security protocol at the network layer is IP Security (IPsec). IPsec is a generic term for a suite of protocols: the Authentication Header (AH) and Encapsulating Security Payload (ESP) security protocols, the Internet Key Exchange (IKE) protocol that negotiates keys and security associations, and the cryptographic algorithms they use.
IPsec can provide the communicating parties with the following services:
- Access control
- Connectionless integrity
- Data origin authentication
- Rejection of replayed packets (anti-replay)
- Confidentiality (encryption)
- Limited traffic-flow confidentiality
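The anti-replay service above, as an added example that is not part of the original page: the sliding-window check that an IPsec receiver applies to the ESP/AH sequence number of each authenticated packet (the algorithm sketched in RFC 4303 Appendix A), accepting fresh packets, tolerating reordering inside the window, and rejecting both duplicates and packets that fell behind the window. The window size of 64 and the sequence numbers fed to it are constructed for this example; the check assumes the packet's integrity has already been verified, since an unauthenticated sequence number proves nothing.

```python
class ReplayWindow:
    """Receiver-side anti-replay state for one security association (SA)."""

    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = size
        self.highest = 0      # highest sequence number accepted so far (0 = none yet)
        self.bitmap = 0       # bit i set => sequence (highest - i) was already accepted

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if the packet is fresh; False if it is a
        replay, too old, or an invalid sequence number."""
        if seq <= 0 or seq > 0xFFFFFFFF:
            # Sequence number 0 is never sent; without extended sequence numbers
            # the SA must be rekeyed before the 32-bit counter wraps.
            return False
        mask = (1 << self.size) - 1
        if seq > self.highest:
            # New high-water mark: slide the window forward.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1                  # everything earlier is now too old
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                         # behind the window: too old
        if (self.bitmap >> offset) & 1:
            return False                         # inside the window but already seen
        self.bitmap |= 1 << offset               # late but fresh: accept once
        return True

def process_sequence(seqs, size: int = 64) -> list:
    """Run a constructed stream of sequence numbers through one window and
    return the accept/reject decision for each."""
    window = ReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]
```

Feeding `[1, 2, 3, 2, 100, 36, 37, 37, 50, 101, 37]` through `process_sequence` shows each case: the second 2 is a replay, 36 is older than the window that moved up with 100, 37 and 50 arrive late but are accepted once, and after 101 advances the window 37 drops out of it for good.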
- Data link layer security
It provides point-to-point security on a single link, such as a point-to-point line or a Frame Relay permanent virtual circuit. Data link layer security is implemented by dedicated devices at each end of the link that encrypt on transmission and decrypt on reception. It protects only that link: the data is in the clear again at every intermediate node, so end-to-end protection still has to come from a higher layer.