7/29/2019 MELJUN CORTES Communication Security

1/16

Lesson 10 - 1

ADCS

CS219/1098/V3

Chapter 10

Advanced Topics (2)

Chapter Objectives:

Communications Security

To understand the weaknesses

of the Internet/WWW,

conventional encryption and

public key encryption, the

misconception people have of

public key encryption

To understand what a firewall is,the factors to take into

consideration when designing

firewalls, and the UNIX/Internet

security architecture and

password management

7/29/2019 MELJUN CORTES Communication Security

2/16

Lesson 10 - 2

ADCS

CS219/1098/V3

Chapter 10

Advanced Topics (2)

Chapter Objectives:

Project Management

To understand the importanceand function of a project

manager, the different project

team structures and the major

activities in project management

7/29/2019 MELJUN CORTES Communication Security

3/16

Lesson 10 - 3

ADCS

CS219/1098/V3

Communications Security

The Internet and WWWvulnerabilities

Proliferation and use of Internet

Internet & WWW

Need for Internet security

management

Internet worm

Breach in credit files

Illegal access

7/29/2019 MELJUN CORTES Communication Security

4/16

Lesson 10 - 4

ADCS

CS219/1098/V3

Two Techniques:

Conventional Encryption

1. Original message is known

as plaintext

2. Apply encryption and key to

get ciphertext

3. Transmission to the recipient

4. Decryption ciphertext with

key

Data Encryption

7/29/2019 MELJUN CORTES Communication Security

5/16

Lesson 10 - 5

ADCS

CS219/1098/V3

Security of conventional

encryption depends on certain

factors:

Resist brute force

Maintain secrecy of the key

7/29/2019 MELJUN CORTES Communication Security

6/16

Lesson 10 - 6

ADCS

CS219/1098/V3

Public Key Encryption

1. Generates encryption and

decryption keys

2.Public key is made available,

companion key is kept private

3.A encrypts plaintext using Bspublic key

4.B decrypts message with its

private key

7/29/2019 MELJUN CORTES Communication Security

7/16

Lesson 10 - 7

ADCS

CS219/1098/V3

Conventional Encryption

versus Public KeyEncryption

Public key encryption is NOTmore secured than conventional

encryption

Public key encryption is NOT a

general purpose technique

Key distribution in public key

system is as complicated

7/29/2019 MELJUN CORTES Communication Security

8/16

Lesson 10 - 8

ADCS

CS219/1098/V3

Fundamental Encryption

Principles

Incorporate redundancy inencrypted messages

Prevent intruders from playing

back old messages

7/29/2019 MELJUN CORTES Communication Security

9/16

Lesson 10 - 9

ADCS

CS219/1098/V3

Firewalls

A firewall is a mechanism toprotect one network from another

by preventing unauthorised users

from accessing computing

resources on a private network

Design considerations for

firewalls:

Trade off between security and

ease of use

Restating conditions for design

Prohibit activities that are not

expressly permitted

Permit activities that are not

expressly prohibited

7/29/2019 MELJUN CORTES Communication Security

10/16

7/29/2019 MELJUN CORTES Communication Security

11/16

Lesson 10 - 11

ADCS

CS219/1098/V3

Layer 7

Defines the entire security

program

Layer 6

The people in contact with the

network

7/29/2019 MELJUN CORTES Communication Security

12/16

Lesson 10 - 12

ADCS

CS219/1098/V3

Password Management

1 Try using the users name, initials,

account names and other relevant

personal information as passwords

2 Try using words from various

dictionaries, including names of

people and places

3 Try using permutations of the words

in step 2, including various

combinations of cases, reversing the

order and embedding numbers into

the word

4 Try foreign words that are commonly

used. This is especially relevant for

foreign users

5 Try word pairs

7/29/2019 MELJUN CORTES Communication Security

13/16

Lesson 10 - 13

ADCS

CS219/1098/V3

Approaches to Password

Management

Using password checker

Forcing periodic change of

passwords

Assign passwords

Use physical devices

Proactive checking

7/29/2019 MELJUN CORTES Communication Security

14/16

Lesson 10 - 14

ADCS

CS219/1098/V3

Project Management

The Project Manager

Qualities of ideal project

manager

Technical competency

Ability to lead

Effective planner

Ability to control

Sensitivity to the environment

7/29/2019 MELJUN CORTES Communication Security

15/16

Lesson 10 - 15

ADCS

CS219/1098/V3

Duties of the project manager

Work with the steering

committee

Communicate with the users

Planning and staff the project

Monitor & report project

progress

Adjust to changes

7/29/2019 MELJUN CORTES Communication Security

16/16

Lesson 10 - 16

ADCS

CS219/1098/V3

Project teams

Hierarchical team

Chief programmer team

Adaptive team

Project management activities

Estimating

Organising

Controlling