Cryptography involves encryption and decryption to safeguard data


  • There are two types of threats: internal and external
  • Cryptography involves encryption and decryption to safeguard data
  • Digital signatures involve the use of private and public keys
  • Authentication involves verification before starting communication
  • Encryption refers to conversion of plain text into cipher text
  • Decryption means converting the cipher text back to plain text
  • Firewall blocks unwanted and unauthorized access to system resources
  • Demilitarized zone is usually present between the firewall and internet
  • VLAN is a switched network logically segmented on an organizational basis
  • RAID uses different techniques of using multiple drives for data protection
  • Network Attached Storage is used to implement a file sharing server
  • SAN is used to transfer data between storage devices and computers
  • Tape backup is essential in case of hardware or server crash
  • SSL is designed to provide security and compression services to data
  • IPSEC provides security to a packet at the network level
  • PPTP allows secure data transfer from a remote client to a private server
  • Point-to-Point Protocol (PPP) is used for point to access
  • SLIP is used to send IP datagrams between serially connected devices

SSH is an application-layer solution. It is a connection-oriented service and thus uses TCP only. SSH is primarily used for shell-based solutions and ideally won’t be used to protect web browsing sessions and other application services (though it can via port forwarding).
SSH uses public key cryptography to prove the authenticity of the remote user. SSH can generate an RSA key pair (I believe Diffie-Hellman can also be used). It uses what’s known as a fingerprint, which is a snapshot of an individual host’s actual public key (for instance, the RSA public portion). The fingerprints are usually 128 bits in length. The user can use the fingerprint to verify that a public key is that of an individual or host. SSH will maintain a list of trusted hosts. The actual data communication is secured using symmetric cryptography such as AES, 3DES, or IDEA.
The public portion of the key is transmitted to the remote endpoint/server via an out-of-band mechanism. There is also a lack of key management.
SSH does provide some extensible features. Two of these are port forwarding and secure tunneling. With port forwarding, you can tell the SSH daemon to listen for data communication on a particular port and forward this communication to the encrypted SSH session. This allows you to protect other services as well. In Linux, X11 forwarding takes advantage of this. X11 is used for graphical display of a remote system on your localhost. With port forwarding, SSH can be used to provide an encrypted session for X11.
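The fingerprint and trusted-hosts check described above can be sketched as follows. This is an added example, not code from the original page: it computes the 128-bit (MD5) fingerprint of an RSA public key blob and, going beyond the page, the SHA-256 form that newer OpenSSH prints, then compares an offered key with a trusted list. The host names, the `make_line` helper and the key bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_pubkey_line(line: str):
    """Split an OpenSSH public key line into (key_type, raw_blob)."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type in blob does not match the line prefix")
    return key_type, blob

def fingerprint_md5(blob: bytes) -> str:
    """128-bit fingerprint: MD5 of the key blob as colon-separated hex."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_sha256(blob: bytes) -> str:
    """SHA-256 fingerprint as unpadded base64, prefixed with 'SHA256:'."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(trusted: dict, host: str, offered_line: str) -> str:
    """Return 'unknown' (host not listed), 'match' or 'MISMATCH'."""
    _, blob = parse_pubkey_line(offered_line)
    if host not in trusted:
        return "unknown"
    same = hmac.compare_digest(trusted[host], fingerprint_sha256(blob))
    return "match" if same else "MISMATCH"

def make_line(seed: bytes) -> str:
    """Constructed sample: ssh-rsa blob with placeholder bytes, not a valid modulus."""
    n = b"\x00\xc3" + (hashlib.sha256(seed).digest() * 8)[:255]
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " sample"

GOOD = make_line(b"constructed-host-key")          # key recorded on first contact
OTHER = make_line(b"constructed-substituted-key")  # different key offered later
TRUSTED = {"server.example": fingerprint_sha256(parse_pubkey_line(GOOD)[1])}

if __name__ == "__main__":
    print(fingerprint_md5(parse_pubkey_line(GOOD)[1]))
    for host, line in [("server.example", GOOD), ("server.example", OTHER), ("new.example", GOOD)]:
        print(host, check_host(TRUSTED, host, line))
```

A `MISMATCH` result is the case a client must refuse to continue on, since the server is presenting a key other than the one previously trusted.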