Concepts in IP Security

No topic related to the Internet, with the possible exceptions of the free availability of pornography and the plague of unwanted spam email, has received more attention in the mainstream media than “security.” For the average user the concerns are predominantly viruses that may infect their personal computers, causing inconvenience or damage to their data. Increasingly we also hear about white-collar e-criminals who steal personal financial details or defraud large institutions after illegally gaining entry to their computer systems. We are also now all familiar with catastrophic failures of parts of the Internet. Although these are sometimes caused by bugs in core components (such as routers) or by the perennial backhoe cutting a cable or fiber, they are increasingly the responsibility of individuals whose sole joy is to pit their wits against those who maintain the Internet.

Sometimes known as hackers, these people attempt to penetrate network security, or cause disruption through denial of service attacks, for a range of motives. Corporate espionage is of relatively little concern to most people, but within every forward-looking company there is a person or a department responsible for keeping the company’s secrets safe. At the same time, the populist war against terrorism invokes contradictory requirements—that the government should be able to keep its information private while at the same time examining the affairs of suspects without them being able to hide their communications. Whatever the rights and wrongs of the politics and sociology, Internet security is a growth industry. This chapter provides an overview of some of the issues and shows the workings of the key security protocols.

It introduces the security algorithms without going into the details of the sophisticated mathematics behind encryption algorithms or key generation techniques. For this type of information the reader is referred to the reference material listed at the end of the chapter. The first sections of the chapter examine the need for security, where within the network it can be applied, and the techniques that may be used to protect data that is stored in or transmitted across the network. There then follows a detailed examination of two key security protocols: IPsec, which provides security at the IP packet level, and Transport Layer Security (TLS), which operates at the transport layer and provides the Secure Sockets Layer (SSL). After a brief discussion of some of the ways to secure Hypertext Transfer Protocol (HTTP) transactions, which are fundamental to the operation of web-based commerce, the chapter describes how hashing and encryption algorithms are used in conjunction with keys to detect modification of data or to hide it completely—the Message Digest Five (MD5) hashing algorithm is presented as the simplest example. The chapter concludes with an examination of how security keys may be securely exchanged across the network so that they may be used to decrypt or verify transmitted data.

