1. 1 Managing Security Additional notes

2. 2 Intercepting confidential messages Attacker Taps into the Conversation: Tries to Read Messages Client PC Server Message Exchange

3. 3 Protection against message interception  Cryptography is the study of creating and using encryption and decryption techniques. Plaintext is the data before any encryption has been performed Ciphertext is the data after encryption has been performed The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext

4. 4 Public key Encryption-Decryption  Each partner has a private key (kept secret) and a public key (shared with everybody)  Sending  Partner A encrypts with the public key of Partner B  Partner B encrypts with the public key of Partner A  Receiving  Each receiver decrypt with its own private key Encrypt with Party B’s Public Key Partner A Partner B Decrypt with Party B’s Private Key

5. 5 Denial-of-Service attacks  Tear Drop attacks  Make the system unusable (crash it or make it run very slowly) by sending a stream of messages. Message Stream DoS Attack (Overloads the Victim) ServerAttacker http://www.solarwinds.net/tools/network_discovery/PingSweep/

6. 6 Protection against DoS attacks  DoS messages Are requests messages that require responses. Include ID information that might be a false identity Sender IDRequest Security systems for protecting against DoS attacks are designed to check for suspicious elements about the sender’s ID