The Internet is extensively used to search and exchange information that may be confiedential. Organizations, such as e-commerce service providers, require a mechanism to ensure that the data transferred is available only to authorized users.
E-Mail Security
E-Mails are the key to exchange information on the Internet. Therefore, it is necessary to secure
them for authenticty and confidentiality. To mainatain e-mail messaging privacy, the security considerations are as follows:
User Authentication
A secure computer system must ensure that only authentic users can access a server or an application. Authentication is the process of confirming the identity of a user.
The most common method to implement authentication is to use the user name and password pairs. The authentication types include the following:
Digital Certificates
A digital certificates is a way to establish your identity on the Internet. You require a digital certificate for financial transactions or the transfer of confiential Information on the Internet. A certification authority, such as VerSign and Thawte, issues a digital cerificate. It is issued for a specific period after which the certificate expires. The following figure displays a sample digital certificate for the Yahoo! Web site:
Encryption
Encryption provides integrity and privacy of information for the data that is exchanged on networks. For example, intelligence bureaus make use of coded signals to communicate with each other. Only authrized users can decipher these codes. Similary, you can encode the data transmitted through a computer using encryption.
An encryption system is a set of rules or operations that are applied to the message to convert plain text into ciphertext (encrypted form of messages). Decryption is the process of converting chipertext into plain text by using a key. This key is a string of digits used to encrypt or decrypt the data.
- Delete the chace files tha pertain to your login and e-mail Web pages.
- Perform a virus scan before you download attachements.
- Delete any unwanted e-mails by emptying the Trash folder.
- Encrypt or digitally sign your messages by using the tools provided by security organizations, such as VerSign. These tools are used to ensure the confientiality of your e-mail messages by authenticating and authorizing users to access and read your e-mails.
- Do not choose an option that saves your user name and password on the computer
User Authentication
A secure computer system must ensure that only authentic users can access a server or an application. Authentication is the process of confirming the identity of a user.
The most common method to implement authentication is to use the user name and password pairs. The authentication types include the following:
- Anonymous access: When the authenctication mode is set to this type, no user name password is used to confirm the user identity. Any user can access any resource available on the site.
- Basic authentication: When the authentication mode is set to this type, the user name and password are used to confirm the user identity. The limitation of this method is that the data is transmitted in plain text format across the internet. As result, anyone who happens to intercept the data will be able to read it.
- Secure authentication: When the authentication mode is set to this type, a user name and password are required to confirm the user identity. In addition, the data is transmitted in an encrypted format si that anyone whoe interpets the data should not be able to read it.
- Digital certificates: Digital certificates are electronically signed documents used to establush the identity of the user accessing a resource.
Digital Certificates
A digital certificates is a way to establish your identity on the Internet. You require a digital certificate for financial transactions or the transfer of confiential Information on the Internet. A certification authority, such as VerSign and Thawte, issues a digital cerificate. It is issued for a specific period after which the certificate expires. The following figure displays a sample digital certificate for the Yahoo! Web site:
Encryption
Encryption provides integrity and privacy of information for the data that is exchanged on networks. For example, intelligence bureaus make use of coded signals to communicate with each other. Only authrized users can decipher these codes. Similary, you can encode the data transmitted through a computer using encryption.
An encryption system is a set of rules or operations that are applied to the message to convert plain text into ciphertext (encrypted form of messages). Decryption is the process of converting chipertext into plain text by using a key. This key is a string of digits used to encrypt or decrypt the data.
COMMENTS :
0 komentar to “Implementing Internet Security”
Posting Komentar