Computer Networking: A Top-Down Approach - Network Security

July Proverbs

In all things, we hope most beautiful; the most beautiful thing, never die. - Stephen King

Chapter Eight

This chapter covers computer network security.

First, what is network security

  • Confidentiality: ensures that the content sent cannot be understood by others.
  • Integrity: ensures that the content is not tampered with.
  • Endpoint authentication: ensures that messages are not received from an imposter.
  • Operational security: identifies the legitimacy of the message content sent and received by an organization or agency.

Second, the principle of cryptography

In symmetric encryption, the encryption key and the decryption key are the same. In a public-key system, the encryption key and the decryption key are different, and the encryption key is public.

  1. Caesar cipher. Each letter is replaced with the letter k positions later in the alphabet.
  2. Monoalphabetic substitution cipher, an improvement on the Caesar cipher. Each letter of the alphabet is replaced with another letter.
  3. Polyalphabetic substitution cipher. Different monoalphabetic rules are used alternately.

The Caesar cipher has a significant drawback: the same plaintext letter always produces the same ciphertext character, so statistical analysis can be used to break it.

Depending on the information the attacker has, attacks can be divided into the following three kinds:

  • Ciphertext-only attack: the attacker knows only the ciphertext, and can use statistical analysis of letter frequencies to attack the Caesar cipher.
  • Known-plaintext attack: the attacker knows a few words that will appear in the plaintext, and uses these words to attack the Caesar ciphertext.
  • Chosen-plaintext attack: the attacker is able to get the ciphertext corresponding to some plaintext, and attacks from there. This is somewhat similar to a known-plaintext attack.

4. Block cipher. The message to be encrypted is processed in blocks of k bits, and each k-bit block is mapped to a k-bit encrypted block according to the key.

Cipher Block Chaining (CBC) sends only one random value, along with the first message block, and then uses the computed coded blocks in place of the subsequent random numbers. This avoids identical plaintext blocks producing identical ciphertext blocks, and so prevents guessing the plaintext.
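The difference chaining makes, as an added example that is not part of the original notes: a toy 8-bit block cipher encrypts a constructed message of identical blocks, first block by block and then with CBC. The key-selected table is built with Python's `random` module purely for illustration and offers no real security; the function names, key and IV are assumptions of this example.

```python
import random

K = 8  # block size in bits (toy value, far too small for real use)

def make_table(key):
    """Return the key-selected one-to-one k-bit mapping and its inverse."""
    table = list(range(2 ** K))
    random.Random(key).shuffle(table)  # the key picks the permutation
    inverse = [0] * len(table)
    for plain, coded in enumerate(table):
        inverse[coded] = plain
    return table, inverse

def blockwise_encrypt(key, blocks):
    """Plain block cipher: every block is mapped independently."""
    table, _ = make_table(key)
    return [table[b] for b in blocks]

def cbc_encrypt(key, iv, blocks):
    """CBC: XOR each block with the previous coded block, then map it."""
    table, _ = make_table(key)
    coded, prev = [], iv
    for b in blocks:
        prev = table[b ^ prev]
        coded.append(prev)
    return coded

def cbc_decrypt(key, iv, coded):
    """Invert the mapping, then XOR with the previous coded block."""
    _, inverse = make_table(key)
    blocks, prev = [], iv
    for c in coded:
        blocks.append(inverse[c] ^ prev)
        prev = c
    return blocks

# Constructed sample input: eight identical plaintext blocks.
MESSAGE = list(b"AAAAAAAA")
KEY = 2019   # constructed key
IV = 0x5C    # the one random value sent with the first block (fixed here)

if __name__ == "__main__":
    print("independent:", blockwise_encrypt(KEY, MESSAGE))
    print("chained:    ", cbc_encrypt(KEY, IV, MESSAGE))
    print("round trip: ", bytes(cbc_decrypt(KEY, IV, cbc_encrypt(KEY, IV, MESSAGE))))
```

Encrypting each block independently repeats one ciphertext value eight times, which is exactly the pattern that lets an observer guess at the plaintext; the chained output varies from block to block and still decrypts to the original message.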

Third, message integrity and digital signatures

3.1: Message integrity: to authenticate a received message, the recipient needs to confirm that:

  1. The message really came from the expected sender.
  2. The message was not tampered with on its way.

3.2: A digital signature is a cryptographic technique for signing in the digital domain.

  • Sender side: the sender passes his original long message through a hash function, then digitally signs the resulting hash with his private key. The original message in cleartext is sent to the recipient together with the digitally signed message digest.
  • Receiver side: the receiver first applies the sender's public key to the signed digest to obtain a hash result. It then applies the hash function to the plaintext message to obtain a second hash result. If the two hashes match, the recipient can be confident of the integrity of the message and of its sender.

Fourth, endpoint authentication

Fifth, secure e-mail

Sixth, securing TCP connections: SSL

Seventh, network-layer security: IPsec and virtual private networks

Eighth, securing wireless LANs

Ninth, operational security: firewalls and intrusion detection systems


Origin www.cnblogs.com/lisaloveyou1900/p/11223195.html