Tag: computers and internet

Authentication Requirements

1. Introduction

Authentication requirements of computing systems and networking protocols vary within very wide limits. Passwords, which are vulnerable to passive attacks, cannot meet the requirements of the modern Internet [CERT94]. In addition to passive attacks, active methods are nearly always used in a network environment [Bellovin89, Bellovin92, Bellovin93, CB94, Stoll90].

2. Definitions and terminology used herein

Active attack. An attempt to improperly modify data, or to gain authentication or authorization, by inserting false packets into the data stream, or variations thereof.

Asymmetric cryptography. A cryptographic system that uses different keys for encryption and decryption. The two keys are mathematically related. Also called public key cryptography.

Authentication. Identifying the source of information.

Authorization. Granting access rights based on authentication.

Confidentiality. Protection of information so that a person who is not authorized to access the data cannot read it, even with access to the relevant directory or network packet.

Encryption. A mechanism used to ensure confidentiality.

Integrity. Protecting information from unauthorized modification.

Key certificate. An information structure consisting of a public key, the identifier of a person or system, and information that authenticates the key and its association with that identifier. The keys used by PEM are examples of key certificates [Kent93].

Passive attack. An attack on an authentication system that does not involve inserting any data into the stream, but relies on the ability to monitor the information exchanged between other parties. This information can be used later.

Plain text (Plain-text). Unencrypted text.

Replay attack. An attack on an authentication system carried out by recording and subsequently replaying previously sent legitimate messages, or parts of them.

Servers

It is possible for data to be transferred to a third machine. In this case, the user sets up a control channel with each of two servers and organizes a direct data channel between them. Control commands pass through the user, while data flows directly between the servers (Figure 4.3). The control channel must remain open while data is transferred between the machines. If it is closed, the data transfer is terminated.

Fig. 4.3. Connection with two different servers and data transfer between them.

Modes of communication

The protocol pays a lot of attention to different ways of exchanging data between machines of different architectures. Indeed, the Internet contains everything from PCs and Macs to supercomputers. They have different word lengths, and many have a different order of bits in a word. In addition, different file systems work with different data organization, which is expressed in the concept of an access method.

In the general case, in FTP terms, the exchange can be stream or block, with or without encoding into an intermediate format, and text or binary. In text exchange, all data is converted to ASCII and transmitted over the network in that form. The only exception is data from IBM mainframes, which is sent in EBCDIC if both interacting machines are IBM. Binary data is transmitted as a sequence of bits, or are during the session management. Usually, with the stream method one data file is transferred per session, while the block method can send multiple files. Having described the communication protocol in general terms, we can move on to the description of the means of exchange via FTP.

WiFi

The quality and speed of data transmission are at a high level, and prices for services are not high. True, the modem itself is a bit pricey, but some operators offer modems on a lease-purchase basis.

Connecting via a dedicated channel. Many providers now offer Internet connection via a leased line. To start, I'll specify what a provider is. In short, a provider is a company that provides services for connecting to the Internet. In order not to go into technical details, I will put it simply: a dedicated line is a line of communication (a data channel).

With this connection, data is transferred over a special cable (fiber or twisted pair), which on one side is connected to the provider's equipment, usually located in the basement or the attic of the building, and on the other side to the network card in your computer. Data can also be transferred wirelessly, using a WiFi connection, which is very convenient when moving within the building. I myself use this method of connection and see only advantages in it: it is high, very high quality data transmission, low cost, an unlimited connection package, and mobility with a WiFi connection. The only thing necessary is a network card and, if you have WiFi, a WiFi adapter.

Radio Internet: connection with a special antenna. This kind of connection is used if the provider for some reason cannot run a cable to the location where the Internet will be used, but can provide a wireless access point. The access point must be within line of sight, at a distance of no more than 5 km from the location where the Internet will be used.

Privacy Enhanced Mail

For example, Secure SNMP and SNMPv2 compute a cryptographic MD5 checksum over a shared secret together with the block of data and information that must be authenticated [Rivest92, GM93]. This serves to authenticate the source of the data, on the assumption that this checksum is extremely difficult to falsify. It says nothing about whether the data sent is itself valid, only that it was sent by exactly the stated sender. Cryptographic checksums can be used to obtain effective authentication, and are particularly useful in computer-to-computer exchange. The main difficulty of implementation is the transfer of keys.

4.4. Digital signature

A digital signature is a cryptographic mechanism that is analogous to a handwritten signature. It serves to authenticate a data block and confirms that it was received from the sender.

A digital signature using asymmetric cryptography (public keys) may be useful for determining the source of a message even if the sender denies authorship. A digital signature provides authentication without confidentiality, as the text of the message is not encrypted. Digital signatures are used in the confidential mail system PEM (Privacy Enhanced Mail) [Linn93, Kent93, Balenson93, Kaliski93].

5. User authentication on a computer

There are many different approaches to authenticating a user on a remote computer. There are two threats when accessing remote computers. First, an attacker can intercept the user ID and password and later use them in a replay attack. Second, the form of a password allows an attacker to try to guess it. Currently, most systems send passwords over network channels in plain text, which greatly simplifies interception [Anderson84, Kantor91].
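The keyed cryptographic checksum described in this section, combined with the replay attack from the definitions, as an added example that is not part of the original page. It uses HMAC-SHA-256 from Python's standard library rather than the MD5 construction the text mentions; the message layout, the counter field and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA-256 output size in bytes

def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Return counter || payload || tag, with the tag keyed by the shared secret."""
    body = struct.pack(">Q", counter) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag

class Receiver:
    """Verifies the checksum and rejects replays by tracking the last counter."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, message: bytes) -> bytes:
        if len(message) < 8 + TAG_LEN:
            raise ValueError("message too short")
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad checksum: not from a holder of the shared secret")
        (counter,) = struct.unpack(">Q", body[:8])
        # A valid tag alone does not stop a recorded message being sent again.
        if counter <= self.last_counter:
            raise ValueError("replay: counter already seen")
        self.last_counter = counter
        return body[8:]

def demo() -> list:
    key = b"constructed-shared-secret"  # sample value, constructed for this example
    rx = Receiver(key)
    msg = protect(key, 1, b"set sysContact=ops")  # constructed sample payload
    results = [rx.accept(msg).decode()]
    tampered = msg[:10] + bytes([msg[10] ^ 1]) + msg[11:]  # flip one payload bit
    for label, candidate in (("tampered", tampered), ("replayed", msg)):
        try:
            rx.accept(candidate)
            results.append(label + " accepted")
        except ValueError as exc:
            results.append(label + " rejected: " + str(exc).split(":")[0])
    return results

if __name__ == "__main__":
    print(demo())
```

The checksum shows only that the sender holds the shared secret, which is why the receiver needs the separate counter check to refuse a recorded message that is sent again.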