Internet Security Terms and Tips to Use with TCP/IP
Part of the TCP/IP For Dummies Cheat Sheet
You’re a network administrator, so you know that keeping your Web site secure is an ongoing challenge. You don’t have to know that TCP/IP stands for Transmission Control Protocol/Internet Protocol to use it effectively, but knowing the terms in the following list can make you better able to deal with security issues.
Advanced Encryption Standard: A secret key cipher used for encryption.
authentication: Proving you are who you say you are. The simplest form of authentication, an unencrypted username-and-password challenge (Who are you? James Bond. Okay, I believe you), often isn’t reliable enough for the Internet. On the Internet, where hackers and crackers can fake or steal more than your username and password, trust no one. Require authentication for users, computers, and IP addresses to be secure.
cipher: A means used to encrypt data. A cipher transforms plain text into scrambled cipher text. You can’t decipher the coded cipher text back into plain text without using some kind of key. For example, AES and DES are examples of secret key block ciphers. The complete encryption algorithm is the cipher plus the technique.
Computer Security Resource Center: A Web site that contains security publications, alerts, and news, including documents from the U.S. Department of Defense on security architecture and trusted systems. Located at the U.S. National Institute of Standards and Technology Computer Security Resource Clearinghouse.
digital certificate: A special, secure file that guarantees your online identity. A digital certificate contains security information, including your name and e-mail address, your encryption key, the name of the Certificate Authority, and the length of the certificate’s validity. (Who are you? James Bond. Can you prove your ID?). A digital certificate is a popular way to perform authentication on the Internet.
encryption: Scrambling your data by applying a secret code so that no one can read it without using a key.
IP Security (IPSec): A set of TCP/IP protocols that provide authentication and encryption services, but on a lower layer than TLS.
public key/private key: A key exchange encryption scheme that uses two keys to encrypt and decrypt data. Anyone can use a public key to encrypt data before it goes across the Internet. Only the receiver has the private key needed to read the data. Pretty Good Privacy (PGP) uses public key/private key encryption methods.
Transport Layer Security (TLS), Secure Socket Layer (SSL): TCP/IP protocols that guarantee privacy on a network by providing authentication and encryption. TLS and its nonstandard companion SSL ensure that your credit card information is safe when you bank or shop. TLS is newer and standard. SSL is still used more.