Saturday, October 17, 2009

7th Oct 2009 - Lecture 6: Security in Network/Application

Today, Mr. Zaki continued explaining Network Security Controls:
  1. Encryption, one of the network security controls, comes in 2 types:
    • Link to Link - Decryption occurs just as the communication arrives at and enters the receiving computer
    • End to End - Encryption is done by a hardware device between the user and the host, or by software running on the host computer.
  2. Strong authentication - one entity 'proves' its identity to another by demonstrating knowledge of a secret known to be associated with that entity, without revealing that secret itself during the protocol
  3. IPSec - provides authentication (AH) and encryption (ESP)
  4. SSH - secure remote login (encrypts data sent over the network)
  5. SSL - provides server authentication, optional client authentication, and an encrypted communications channel between client and server
  6. Kerberos - supports authentication in distributed systems
  7. Firewall - a network security device designed to restrict access to resources (information or service) according to a security policy
  8. IDS - a device, software tool or hardware tool that monitors activity to identify malicious or suspicious events.
  9. IPS - network security device that monitors network and/or system activities for malicious or unwanted behavior and can react in real-time to block or prevent those activities.
  10. Honeypot - decoy systems that are designed to lure a potential attacker away from critical systems
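
The strong authentication in item 2 can be shown as a challenge-response exchange. The following is an added example, not code from the lecture or this post; the use of HMAC-SHA256, the class and function names, and the sample secret are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Holds the shared secret for each entity and issues one-time challenges."""

    def __init__(self, shared_secrets):
        self._secrets = dict(shared_secrets)   # identity -> secret bytes
        self._pending = {}                     # identity -> outstanding nonce

    def challenge(self, identity):
        # Fresh random nonce per attempt, so a captured response cannot be replayed.
        nonce = secrets.token_bytes(16)
        self._pending[identity] = nonce
        return nonce

    def verify(self, identity, response):
        # pop() makes each challenge single-use, whether or not it succeeds.
        nonce = self._pending.pop(identity, None)
        secret = self._secrets.get(identity)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, identity.encode() + b"|" + nonce, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def respond(secret, identity, nonce):
    """Prover side: demonstrate knowledge of the secret without sending it."""
    return hmac.new(secret, identity.encode() + b"|" + nonce, hashlib.sha256).digest()


def demo():
    secret = b"constructed-demo-secret"            # constructed sample value
    v = Verifier({"alice": secret})
    n1 = v.challenge("alice")
    r1 = respond(secret, "alice", n1)
    results = {
        "genuine": v.verify("alice", r1),
        "replayed_without_challenge": v.verify("alice", r1),
    }
    v.challenge("alice")                           # new nonce; old response is stale
    results["replayed_after_new_challenge"] = v.verify("alice", r1)
    n3 = v.challenge("alice")
    results["wrong_secret"] = v.verify("alice", respond(b"guess", "alice", n3))
    results["secret_on_wire"] = secret in (n1 + r1)
    return results


if __name__ == "__main__":
    print(demo())
```

Only the nonce and the keyed digest cross the network, so an eavesdropper sees neither the secret nor a response that will be accepted a second time.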
After explaining hacking and its prevention, Mr. Zaki taught a new topic, "Security in Applications". Applications such as email and the web have their own security. For example, security in email is S/MIME and PGP, while security in web is SSL, SSH, SET, HTTPS and SFTP. Security in email provides confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management, while security in web provides a secure channel for the communication.
