Chapter 10 Advanced Topics (2)

Chapter Objectives: Communications Security
- To understand the weaknesses of the Internet/WWW, conventional encryption and public key encryption, and the misconception people have of public key encryption
- To understand what a firewall is, the factors to take into consideration when designing firewalls, and the UNIX/Internet security architecture and password management

Chapter Objectives: Project Management
- To understand the importance and function of a project manager, the different project team structures and the major activities in project management
Communications Security

The Internet and WWW: vulnerabilities
- Proliferation and use of the Internet and WWW
- Need for Internet security management
Incidents that show the need:
- Internet worm
- Breach in credit files
- Illegal access
Data Encryption

Two techniques: conventional encryption and public key encryption

Conventional encryption:
1. The original message is known as plaintext
2. Apply the encryption algorithm and the key to obtain ciphertext
3. Transmit the ciphertext to the recipient
4. Decrypt the ciphertext with the same key
IM218
Security of conventional encryption depends on certain factors:
- Resistance to brute-force attack
- Maintaining the secrecy of the key
Public Key Encryption
1. Each party generates a pair of encryption and decryption keys
2. The public key is made available; the companion key is kept private
3. A encrypts the plaintext using B's public key
4. B decrypts the message with its private key
Conventional Encryption versus Public Key Encryption
- Public key encryption is NOT more secure than conventional encryption
- Public key encryption is NOT a general-purpose technique
- Key distribution in a public key system is just as complicated
Fundamental Encryption Principles
- Incorporate redundancy in encrypted messages
- Prevent intruders from playing back old messages
Firewalls

A firewall is a mechanism to protect one network from another by preventing unauthorised users from accessing computing resources on a private network.

Design considerations for firewalls:
- Trade-off between security and ease of use
- Two opposite stances for the design rules:
  - Prohibit activities that are not expressly permitted
  - Permit activities that are not expressly prohibited
Internet Security Architecture

Layer  Name                   Functional Description
7      Policy                 Policy definition and directives
6      Personnel              People who use the equipment and data
5      Local Area Network     Computer equipment and data assets
4      Internal demarcation   Concentrator-internal connect
3      Embedded gateway       OSI functions, layers 7, 6, 5, 4 (UNIX)
2      Packet filtering       OSI functions, layers 3, 2, 1
1      External demarcation   Public access, external connect

Layer 7 defines the entire security program.
Layer 6 is the people in contact with the network.
Password Management

Password-guessing strategies that password management must defend against:
1. Try the user's name, initials, account names and other relevant personal information as passwords
2. Try words from various dictionaries, including names of people and places
3. Try permutations of the words in step 2, including various combinations of case, reversing the order and embedding numbers into the word
4. Try foreign words that are commonly used; this is especially relevant for foreign users
5. Try word pairs
Approaches to Password Management
- Use a password checker
- Force periodic change of passwords
- Assign passwords
- Use physical devices
- Proactive password checking
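The following is an added example, not code from the course material, of a proactive password checker that rejects passwords matching the five guessing strategies listed above (personal information, dictionary words, case/reversal/digit permutations, foreign words via the dictionary, and word pairs). The word list and the leet substitution table are constructed for the example; a real deployment would load the system dictionary and foreign-language lists.

```python
import re

# Constructed word list standing in for a real system dictionary; a deployment
# would load /usr/share/dict/words plus foreign-language lists (checks 2 and 4).
DICTIONARY = {"password", "welcome", "dragon", "london", "summer", "admin",
              "bonjour", "amigo"}

# Common digit/symbol substitutions, undone before comparison (check 3).
LEET = str.maketrans("0134@$", "oleaas")


def normal_forms(word):
    """All simple permutations of a candidate: lower-cased, leet undone,
    embedded digits removed, and each of those reversed."""
    w = word.lower()
    forms = {w, w.translate(LEET)}
    forms |= {re.sub(r"\d+", "", f) for f in forms}
    forms |= {f[::-1] for f in forms}
    return {f for f in forms if f}


def personal_tokens(full_name, account):
    """Name parts, initials, concatenated name and account name (check 1)."""
    parts = full_name.lower().split()
    tokens = set(parts) | {account.lower(), "".join(parts),
                           "".join(p[0] for p in parts)}
    return {t for t in tokens if len(t) >= 3}  # single initials are too noisy


def is_word_pair(form, dictionary):
    """True if the form is two dictionary words glued together (check 5)."""
    return any(form[:i] in dictionary and form[i:] in dictionary
               for i in range(2, len(form) - 1))


def check_password(password, full_name, account, dictionary=DICTIONARY,
                   min_len=8):
    """Proactive check: return the list of reasons to reject the password
    (an empty list means the password survived every guessing strategy)."""
    reasons = []
    if len(password) < min_len:
        reasons.append("shorter than %d characters" % min_len)
    forms = normal_forms(password)
    tokens = personal_tokens(full_name, account)
    if any(t in f for f in forms for t in tokens):
        reasons.append("derived from personal information")
    if forms & dictionary:
        reasons.append("dictionary word or simple permutation of one")
    if any(is_word_pair(f, dictionary) for f in forms):
        reasons.append("pair of dictionary words")
    return reasons
```

Calling `check_password("Dr4g0n99", "Jane Doe", "jdoe")` flags the leet-and-digit disguise of "dragon", while a password with no dictionary or personal-data structure returns an empty list.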
Project Management

The Project Manager

Qualities of the ideal project manager:
- Technical competency
- Ability to lead
- Effective planner
- Ability to control
- Sensitivity to the environment
Duties of the project manager:
- Work with the steering committee
- Communicate with the users
- Plan and staff the project
- Monitor and report project progress
- Adjust to changes
Project teams:
- Hierarchical team
- Chief programmer team
- Adaptive team

Project management activities:
- Estimating
- Organising
- Controlling