In an introduction to cryptography and network security, you learn that cryptography translates as “secret writing”. It refers to the science or art of concealing the meaning of data so that only the specified parties understand the content.
It has existed for thousands of years; however, as history records, the pioneer users of cryptography were associated with a government, organized group or military and used it to conceal secret messages from their enemies.
These days, encoded transmissions happen online every day, and cryptographic standards are used to protect health information, banking data, and much more. Without them, this would be almost impossible.
Online security threats such as viruses, hackers, electronic eavesdropping and electronic fraud evolve quickly, and so do the solutions for how best to use encryption to enhance network security for government, businesses and end users.
Network security covers the use of cryptographic algorithms in network protocols and applications. In network security there are three branches.
- Security attacks: these are classified as either passive attacks, which involve the unauthorized reading of private messages, or active attacks, such as the modification of private messages and files.
- Security mechanisms: processes designed to prevent, detect or recover from a security threat.
- Security services: these include data confidentiality, access control, data integrity, authentication and nonrepudiation.
Network security is necessary to prevent security threats and attacks.
- Threat: a potential violation of security
- Attack: an assault on the security of a system
To provide network security, security services are put into place. A security service is a service provided by a protocol, which ensures adequate security on the systems. It can also be defined as a service provided by a system to give a specific kind of protection to the system resources. Security services implement security policies and are implemented by security mechanisms.
For network security to happen, some security practices take place:
The use of mathematical algorithms to transform data into a form that is not readily intelligible.
- Data signature
Data appended to a cryptographic transformation of a data unit that allows the recipient to prove the source and integrity of the data unit and protect against forgery.
- Data integrity
A variety of mechanisms used to ensure the integrity of a data unit or a stream of data units.
- Access control
A variety of mechanisms that enforce access rights to resources.
- Traffic padding
This is the insertion of bits into gaps of a data stream to frustrate traffic analysis attempts.
- Authentication exchange
This is a mechanism put in place to ensure the identity of an entity by means of information exchange.
This is the use of a trusted third party to ensure certain properties of a data exchange are met.
- Routing control
Allows selected physically secure routes to be used for certain data and allows routing changes when a breach of security is suspected.
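An added example, not part of the original article: the data integrity mechanism listed above, applied to a stream of data units so that the receiver rejects the active attacks described earlier (a modified unit) as well as a replayed one. It uses HMAC-SHA256 with a shared key and a sequence number; the key, messages, frame layout and the names `protect`, `Receiver` and `demo` are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                # HMAC-SHA256 output size in bytes
SEQ = struct.Struct("!Q")   # 64-bit sequence number (assumed frame layout)

def protect(key: bytes, seq: int, data: bytes) -> bytes:
    """Sender side: frame = seq || data || HMAC-SHA256(key, seq || data)."""
    body = SEQ.pack(seq) + data
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Checks each data unit and its position in the stream."""
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected = 0

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < SEQ.size + TAG_LEN:
            raise ValueError("truncated data unit")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):   # constant-time comparison
            raise ValueError("modified data unit")
        (seq,) = SEQ.unpack_from(body)
        if seq != self.expected:                 # tag is valid, order is not
            raise ValueError("replayed or out-of-order data unit")
        self.expected += 1
        return body[SEQ.size:]

def demo() -> list:
    key = b"constructed-demo-key-not-for-use"    # constructed sample key
    msgs = [b"pay alice 10", b"pay bob 20"]      # constructed sample data
    frames = [protect(key, i, m) for i, m in enumerate(msgs)]
    rx = Receiver(key)
    seen = [rx.accept(frames[0])]
    tampered = bytearray(frames[1])
    tampered[SEQ.size + 8] ^= 0x01               # active attack: "20" -> "30"
    for frame in (bytes(tampered), frames[0]):   # modification, then replay
        try:
            seen.append(rx.accept(frame))
        except ValueError as err:
            seen.append(str(err))
    seen.append(rx.accept(frames[1]))            # the genuine unit still verifies
    return seen

if __name__ == "__main__":
    print(demo())
```

The tag gives integrity only: the data units are still readable by a passive attacker unless they are also enciphered.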
Some practices are not specific to any OSI security service or protocol layer:
- Trusted functionality
E.g. as established by security policies.
- Event Detection
This is the detection of security-relevant events.
- Security label
This is the marking bound to a resource, which may be a data unit, that names or designates the security attributes of that particular resource.
- Security audit trail
Data collection can potentially be used to facilitate a security audit, which is an independent review and examination of system records and activities.
The principles of network security are mainly:
- Confidentiality: concerned with preventing the unauthorized disclosure of sensitive and private information.
- Availability: ensures that authorized users of a system have uninterrupted access to information in the system and network.