Internet Security Technologies
Encryption :
Encryption is the process of rendering data unreadable for snoopers. The designated receiver must have the correct key to decrypt the data. Hackers can intercept data over the network by eavesdropping, tampering, or impersonation. The strength of the encryption depends on the key length.
An encryption system can be of two types: public or private. In public key encryption, a pair of keys called the public key and the private key is used. The public key can be given to anyone and the sender uses it to encrypt the message. The receiver then uses his private key to decrypt the message. The private key is obviously not revealed. In private key encryption, the same key is used to encrypt and decrypt the data. The private key must be sent to the receiver through a secure connection.
SSL (Secure Socket Layer) :
Netscape Communications Corporation developed SSL for providing security and privacy over the Internet. The protocol supports server and client authentication. Since the protocol is application-independent, it allows other protocols like HTTP, FTP, and Telnet to be transparently layered on it. An SSL-enhanced browser encrypts the data sent from the browser to the server. SSL uses encryption and certificates to authenticate websites and web users.
Ssh (Secure Shell) :
- Ssh is a program used to:
  - log into another computer over the network
  - execute commands in a remote system
  - move files from one system to another
- Ssh provides:
  - strong authentication and secure communication over unsecured channels
  - secure connections and secure forwarding of arbitrary TCP connections
  - encrypted communication
- Ssh is proposed as an alternative to the traditional BSD 'r' commands: rlogin, rsh, and rcp. It replaces Telnet. The free version of the SSH protocol suite can be downloaded from http://www.openssh.com/.
Firewall :
A firewall is an application that allows the user to control and filter packets flowing in and out of the network. Firewalls effectively block probes like ping, operating system fingerprinting, port scans and other types of intrusions. Many companies offer free firewalls for personal use only.
A firewall may be software or hardware. A firewall is at the entry point of the network it protects. The most basic firewall performs packet filtering. In packet filtering, the firewall is the first program that receives and handles incoming network traffic and the last to handle outgoing traffic. The filtering policy allows or disallows packets based on:
- source IP address
- destination port
- protocol
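The following sketch is an added example, not part of the original page: it models the packet-filtering decision described above as an ordered rule list with first-match evaluation and a default-deny policy. The rule set, the Rule and filter_packet names, and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"        # source network in CIDR form
    proto: Optional[str] = None   # "tcp", "udp", "icmp"; None matches any
    dport: Optional[int] = None   # destination port; None matches any

    def matches(self, src_ip: str, proto: str, dport: Optional[int]) -> bool:
        # Every field the rule specifies must match the packet.
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True

def filter_packet(rules, src_ip, proto, dport=None, default="DROP"):
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport):
            return rule.action
    return default  # default deny: anything not explicitly allowed is dropped

# Constructed policy. Order matters: the block rule must precede the allow rules.
RULES = [
    Rule("DROP", src="203.0.113.0/24"),                         # blocked network
    Rule("ACCEPT", proto="tcp", dport=443),                     # HTTPS from anyone else
    Rule("ACCEPT", src="192.0.2.0/24", proto="tcp", dport=22),  # SSH from admin network only
    Rule("DROP", proto="icmp"),                                 # ping probes
]

if __name__ == "__main__":
    # Constructed sample packets: (source IP, protocol, destination port)
    samples = [
        ("203.0.113.7", "tcp", 443),
        ("198.51.100.5", "tcp", 443),
        ("198.51.100.5", "tcp", 22),
        ("192.0.2.10", "tcp", 22),
        ("198.51.100.5", "icmp", None),
    ]
    for src, proto, dport in samples:
        print(src, proto, dport, "->", filter_packet(RULES, src, proto, dport))
```

Moving the first rule to the end of the list would let the blocked network reach port 443, which is why rule order is part of the policy.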
Circuit Relay or Circuit Level Gateway provides additional security. This operates on the Transport Layer. This firewall also determines whether the connection between both ends is valid according to a set of configurable rules. It then opens a session and permits traffic from the allowed source for a limited time period.
Application level gateway acts as a proxy for applications. It performs all data exchanges with the remote system on behalf of the applications. It also allows or disallows network traffic according to specific rules. This is the most secure type of firewall.
OpenSource Resources :
The ipchains program is used for IP firewalling/packet filtering under Linux. This program allows the user to set up complex IP filtering and accounting rules. Support for ipchains is compiled directly into the Linux kernel.
The netfilter/iptables project is the firewalling subsystem for Linux 2.4.x and above. It offers packet filtering (stateless or stateful), all kinds of NAT (Network Address Translation) and packet mangling. If you are running a recent Linux system (Kernel 2.4.x or above), you can use netfilter/iptables for all kinds of firewalling, NAT or other advanced packet processing.
The ipchains program can be downloaded from www.netfilter.org/ipchains/ and the netfilter/iptables from www.netfilter.org/.