Class 6 Agenda Midterm Review Midterm Review –Questions –Toyota Case Computer Security Basics Computer Security Basics –Identification & Authentication –SSL encryption and Internet security –Network Security Text Chapter : Strategy & Technology Text Chapter : Strategy & Technology

Computer Security Basics Access Control Access Control –Identification –Authentication –Permissions/Access Issues Issues Role-based access Role-based access “Row-level” access “Row-level” access Mechanisms Mechanisms Directories Directories Groups, attributes Groups, attributes Logs Logs

Encryption “Encrypt” vs “encode” “Encrypt” vs “encode” Asymmetric keys Asymmetric keys Public / private keys Public / private keys Digital Certificates Digital Certificates SSL / HTTPS SSL / HTTPS Secured Transactions Secured Transactions

PKI Process PKI Process PKI Service PKI Client Send Public key Return encoded symmetric key Send login req using sym key Conduct work Time’s up! Send new sym key info

Network Security Basics Single sign-on Single sign-on –Trusted machine model –Tokens Firewalls Firewalls –Routers as firewalls –True firewalls “Castles and Roads” “Castles and Roads” Virtual Private Network Virtual Private Network DMZ DMZ –2-router model

Single Sign-on Security Server Application Server User/Client : Login to SS 2: Get token 3: login to AS (pass token) 4: AS chk’s token 5: SS ok’s token

Router / Firewall Firewall Router Accept List / Exclude list From: To: Type: Telnet From: To: Type: Telnet

Routed Network Design Router I-net router Client LAN Router Campus Backbone

DMZ Model Internet router (to/from DMZ only) Internal ServicesExternal Services DMZ Intranet router (to/from DMZ only)

VPN / Remote Access Goals Goals –Privacy –IP address domains VPN Mechanism VPN Mechanism –Proxy server –“Tunneling” VPN Problems VPN Problems –Encryption performance

VPN Router Enabling local traffic Server Campus Backbone Server Local IP session Encrypted remote session Server VPN Server Internet

Text: Strategy & Technology “IT doesn’t matter!” Comments? “IT doesn’t matter!” Comments? What makes sustainable advantage? What makes sustainable advantage? What technical aspects (ref class 1) effect sustainable advantage? What technical aspects (ref class 1) effect sustainable advantage? How important is the “portal” factor? How important is the “portal” factor?

Wednesday Computer Center Tour Computer Center Tour –Meet at 197 Foster 6:30 Tech Brief: Collaboration Basics Tech Brief: Collaboration Basics Text Chapter: Peer Production Text Chapter: Peer Production Project Planning time Project Planning time –(Outline due to me by COB Friday)