Various tools and technologies used to help protect against or monitor intrusion include authentication tools, firewalls, intrusion detection systems, and antivirus and encryption software. Access control consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders. Authentication refers to the ability to know that a person is who he or she claims to be. Access control software is designed to allow only authorized persons to use systems or to access data using some method for authentication. New authentication technologies include:
A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic and prevents unauthorized communication into and out of the network. The firewall identifies names, Internet Protocol (IP) addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules programmed into the system by the network administrator. There are a number of firewall screening technologies:
Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points of corporate networks to detect and deter intruders continually. Scanning software looks for patterns indicative of known methods of computer attacks, such as bad passwords, checks to see if important files have been removed or modified, and sends warnings of vandalism or system administration errors. Antivirus software is designed to check computer systems and drives for the presence of computer viruses. However, to remain effective, the antivirus software must be continually updated. Vendors of Wi-Fi equipment have developed stronger security standards. The Wi-Fi Alliance industry trade group's 802.11i specification tightens security for wireless LAN products. Many organizations use encryption to protect sensitive information transmitted over networks. Encryption is the coding and scrambling of messages to prevent their access by unauthorized individuals. Two methods for encrypting network traffic on the Web are:
Data is encrypted by applying a secret numerical code, called an encryption key, so that the data are transmitted as a scrambled set of characters. To be read, the message must be decrypted (unscrambled) with a matching key. There are two alternative methods of encryption:
Digital signatures and digital certificates help with authentication. A digital signature is a digital code attached to an electronically transmitted message that is used to verify the origin and contents of a message. Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions. A digital certificate system uses a trusted third party known as a certificate authority (CA) to validate a user's identity. The digital certificate system would enable, for example, a credit card user and a merchant to validate that their digital certificates were issued by an authorized and trusted third party before they exchange data. Public key infrastructure (PKI), the use of public key cryptography working with a certificate authority, is a principal technology for providing secure authentication of identity online. Figure 8-8
|