Basic Computer Networking: Network Security Notes

Source: Internet  Published: Android network location source code  Editor: 程序博客网  Time: 2024/05/24 23:14

【Terminology】

1. Confidentiality: only the sender and the intended receiver should understand the message contents

2. Authentication: sender and receiver want to confirm each other's identity

3. Message integrity: sender and receiver want to ensure the message is not altered

4. Access and availability: services must be accessible and available to users


【Cryptography】

1. Symmetric key: the keys of sender and receiver are identical

    $K_{A-B}(K_{A-B}(m)) = m$

2. Public key: the encryption key is public, the decryption key is secret

    $K_B^-(K_B^+(m)) = m$

   Given the public key, it should be impossible to compute the private key, so we can use a CA (trusted certification authority) to ensure that 


【RSA encryption】

Important property: $K_B^-(K_B^+(m)) = K_B^+(K_B^-(m))$



【Message integrity】


【Digital signature】



【Certification authority】

In order to encrypt a message, the sender requires the public key from the certification authority



【Firewalls】

1. Goal: isolate the organization's internal network from the larger Internet, allowing some packets to pass and blocking others

2. Reasons:

    A. prevent denial-of-service attacks

    B. prevent illegal modification of / access to internal data

    C. allow only authorized access to the inside network

3. Router firewall: decisions are based on IP address, port, message type, and the SYN and ACK bits


【IDS: Intrusion Detection System】

1. packet filtering: 

    A. operations on TCP / IP header only

    B. no correlation check among sessions

2. IDS: Intrusion Detection System

    A. deep packet inspection: look at packet contents

    B. examine correlation among multiple packets


【Firewall vs. IDS】

| Firewall | IDS |
| --- | --- |
| packet filtering: only operates on TCP/IP headers | deep packet check: checks packet contents |
| no correlation check | examines correlation among multiple packets |
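
The contrast between the two approaches, as an added example that is not part of the original notes: a stateless router-firewall rule that decides from one packet's header (addresses, port, SYN and ACK bits), next to an IDS-style check that correlates many packets from the same source. The internal network `10.0.0.0/8`, the published web server `10.0.0.80:80`, the alert threshold and all packet records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal network
PUBLIC_SERVICES = {("10.0.0.80", 80)}           # assumed published web server

def pkt(src, dst, dport, syn, ack):
    return {"src": src, "dst": dst, "dport": dport, "syn": syn, "ack": ack}

# Constructed header records in arrival order (not real traffic).
PACKETS = [
    pkt("198.51.100.7", "10.0.0.80", 80, True, False),   # outside client -> web server
    pkt("10.0.0.5", "198.51.100.7", 443, True, False),   # inside host opens a connection
    pkt("198.51.100.7", "10.0.0.5", 51000, True, True),  # SYN+ACK reply to it
    pkt("203.0.113.9", "10.0.0.80", 22, True, False),    # one source, many targets
    pkt("203.0.113.9", "10.0.0.80", 23, True, False),
    pkt("203.0.113.9", "10.0.0.80", 80, True, False),
    pkt("203.0.113.9", "10.0.0.5", 22, True, False),
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def filter_packet(p):
    """Router-firewall decision using only this packet's header fields."""
    inbound = is_internal(p["dst"]) and not is_internal(p["src"])
    if inbound and p["syn"] and not p["ack"]:
        # SYN=1, ACK=0 from outside is a new inbound connection:
        # allowed only to a published service.
        return (p["dst"], p["dport"]) in PUBLIC_SERVICES
    return True  # outbound traffic and segments with ACK set pass

def ids_scan_alerts(packets, threshold=3):
    """IDS-style correlation: sources opening connections to many distinct targets."""
    targets = defaultdict(set)
    for p in packets:
        if p["syn"] and not p["ack"]:
            targets[p["src"]].add((p["dst"], p["dport"]))
    return sorted(s for s, seen in targets.items() if len(seen) >= threshold)

if __name__ == "__main__":
    for p in PACKETS:
        print("PASS" if filter_packet(p) else "DROP", p)
    print("IDS alerts:", ids_scan_alerts(PACKETS))
```

The filter passes or drops each packet on its own and keeps no memory, so the probe to port 80 from `203.0.113.9` looks like any other web request; only the correlation step reports that source.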
