Computer communication

Networks
Security
User access and levels
• Most network security involves users having different
levels of user access to the network.
• The network manager will have full
READ/WRITE/DELETE access to all the software on
the network and be able to install hardware.
• Other users may be restricted to certain areas of the
network, only have READ access to files or be unable
to install new hardware.
• This user access is controlled by the user having to
log onto the network with a unique username which is
then associated with a particular set of permissions.
Suitable Passwords
• A password is used in combination with the username to prevent
unauthorised access to a network.
• A suitable (strong) password should not be easy to guess.
• Ideally it should:
– be a reasonable length (8 or more characters)
– not be a dictionary word
– include a random mixture of upper-case and lower-case letters,
numbers and even symbols
• Many network authentication systems will require users to regularly
change their passwords and block the use of previous passwords.
• Stored passwords on the network should be encrypted.
Other methods of security
• Physical security: CCTV, locks and swipe-card systems etc. can be
used to physically restrict access to networked computers. USB ports
and floppy disk / optical media drives can be removed or disabled to
stop file copying.
• Firewall: this can be a device or be software-based. Its purpose is to
control network transmissions between networks. It is commonly used
to block unauthorised access to a network from the Internet, while
allowing legitimate network traffic through.
• Antivirus software: Many viruses are designed to bypass security
systems and having up-to-date antivirus software installed will reduce
this risk.
• Proxy server: this can be a device or be software-based and uses a
set of rules to check that the file, connection or web page the user
requests is acceptable. It can filter network traffic by IP address or
protocol. If the request is valid, the proxy server then makes the
connection on behalf of the user.
Encryption
• An encryption technique is the method used to encrypt and then
decrypt data.
• Most encryption relies on scrambling up data with some form of
numerical ‘key’ such as a very large prime number.
• Without the key the data is meaningless if it is intercepted.
• The problem is that to communicate securely between computers,
they both need the key and the key would need to be unencrypted
for the receiving computer to be able to read it and then use it.
• The encryption technique used to get round this
problem is to use two keys, a public key to
encrypt the data and a private key to decrypt it.
• When you access a secure web server two keys are used:
– A public key to encrypt the data
– A private key to decrypt it.
• How it works:
– Your browser makes an HTTPS request to the server for secure
communication.
– The server responds by sending out its public key. Only the server has the
private key that decrypts anything encrypted using this key.
– Your browser then uses the server public key to encrypt its own public key
and sends this to the server.
– The server uses its own private key to decrypt your browser’s public key.
– The server and browser can now communicate in both directions using
each other's public keys to encrypt data and their own private keys to
decrypt data.
– Any data that is intercepted will be meaningless, even if both public keys
were known.
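
The exchange in the steps above can be traced with small numbers. This is an added example, not part of the original slides: it follows the slides' simplified model using textbook RSA without padding, and the function names and the small primes are constructed for illustration (real keys are built from very large primes).

```python
from math import gcd

def make_keypair(p, q, e=65537):
    """Build a (public, private) key pair from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent: inverse of e mod phi
    return (n, e), (n, d)

def encrypt(public, m):
    """Encrypt the number m with a public key (n, e)."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus n")
    return pow(m, e, n)

def decrypt(private, c):
    """Decrypt the number c with the matching private key (n, d)."""
    n, d = private
    return pow(c, d, n)

def handshake_demo():
    # Constructed sample primes; the server's are larger so that the
    # browser's public key fits inside one server-encrypted message.
    server_pub, server_priv = make_keypair(104729, 1299709)
    browser_pub, browser_priv = make_keypair(10007, 10009)

    # Steps 1-2: browser requests HTTPS, server sends server_pub in the clear.
    # Step 3: browser encrypts its own public key (n, e) with server_pub.
    wire = [encrypt(server_pub, part) for part in browser_pub]
    # Step 4: only the server's private key recovers the browser's key.
    learned_pub = tuple(decrypt(server_priv, c) for c in wire)

    # Step 5: each side encrypts with the other's public key and
    # decrypts with its own private key.
    to_server = encrypt(server_pub, 4242)      # browser -> server
    to_browser = encrypt(learned_pub, 1717)    # server -> browser
    return {
        "learned_pub": learned_pub,
        "server_read": decrypt(server_priv, to_server),
        "browser_read": decrypt(browser_priv, to_browser),
        # What an interceptor sees is not the original data.
        "wire_differs": to_server != 4242 and to_browser != 1717,
    }
```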