a Top-Down Approach (8th ed.):
Chapter 8 Security in Computer Networks
8.1 What Is Network Security?
Alice and Bob want to communicate "securely." Trudy: the intruder.
Desirable properties of secure communication (安全通信):
• Confidentiality (机密性).
  • Only the sender and intended receiver should be able to understand the contents of the transmitted message.
  • Because eavesdroppers may intercept the message, this necessarily requires that the message be somehow encrypted (加密) so that an intercepted message cannot be understood by an interceptor.
• Message integrity (报文完整性).
  • Alice and Bob want to ensure that the content of their communication is not altered, either maliciously or by accident, in transit.
• End-point authentication (端点鉴别).
  • Both the sender and receiver should be able to confirm the identity of the other party involved in the communication.
• Operational security (运行安全性).
  • Attackers can attempt to deposit worms into the hosts in the network, obtain corporate secrets, map the internal network configurations, and launch DoS attacks.
  • Operational devices such as firewalls and intrusion detection systems are used to counter attacks against an organization's network.
The scenario:
Alice, the sender, wants to send data to Bob, the receiver.
In order to exchange data securely, while meeting the requirements of confidentiality, end-point authentication, and message integrity, Alice and Bob will exchange control messages and data messages.
An intruder can potentially perform
• eavesdropping—sniffing and recording control and data messages on the channel.
• modification, insertion, or deletion of messages or message content.
The Internet equivalents of Alice and Bob:
• Human users at two end systems, e.g., exchanging secure e-mail.
• Participants in an electronic commerce transaction, e.g., Bob transferring his credit card number securely to a Web server to purchase an item online, or Alice interacting with her bank online.
• Parties needing secure communication that are not human users but components of the network itself, e.g., the domain name system (DNS) or routing daemons that exchange routing information, and network management applications.