Mạng và viễn thông P39

Network Security MeasuresImprovements in,andexpansionsof,communicationssystemsandnetworkshaveleftmany companies open to breaches in confidentiality, industrial espionage and abuse. Sometimes such breaches go unnoticed for longperiods,andcanhaveseriousbusiness or costimplications. Equally damaging can the impactof simple mistakes, misinterpreted, or distorted information. be Increased belief in the reliability of systems and the accuracy of information has brought great gains in efficiency,but blind belief suppresses the questions which might have confirmed the need for corrections. ...
Nội dung trích xuất từ tài liệu:
Mạng và viễn thông P39 Networks and Telecommunications: Design and Operation, Second Edition. Martin P. Clark Copyright © 1991, 1997 John Wiley & Sons Ltd ISBNs: 0-471-97346-7 (Hardback); 0-470-84158-3 (Electronic) 39 Network Security Measures Improvements in,andexpansionsof,communicationssystemsandnetworkshaveleftmany companies open to breaches in confidentiality, industrial espionage and abuse. Sometimes such breaches go unnoticed for longperiods,andcanhaveseriousbusiness or costimplications. Equally damaging can the impactof simple mistakes, misinterpreted, or distorted information. be Increased belief in the reliability of systems and the accuracy of information has brought great gains in efficiency,but blind belief suppresses the questions which might have confirmed the need for corrections. This chapter describes the various levels of information protection which may be provided by different types of telecommunications networks, and the corresponding risks. goes It on to make practical suggestions about how a company’s protection needs could be assessed, and how different types of information can best be secured in transit39.1 THE TRADE-OFF BETWEEN CONFIDENTIALITY AND INTERCONNECTIVITY The man whosold the first telephone must have been a brilliant salesman, for there was no-oneforthe first customer to talkto!Ontheotherhand,what confidence the customer could have had that there were no eavesdroppers on his conversations! The simplicity of the message should be a warning to all: the more people on your network, the greater your risk. As the number of connections on a network increases, users are subjected to 0 the risk of interception, tapping or ‘eavesdropping’ e greater uncertainty about who they are communicating with (have you reached the right telephone or not, which caller might be masquerading as someone else?) 0 the risk of time-wastingmistakes (an incorrect access to a databaseor a mis- interpretation of data may lead to the corruption or deletion of substantial amounts of data) 711712 MEASURES SECURITY NETWORK 0 the nuisance of disturbance (wrong number calls, unsolicited calls from salesmen; worse still; forced entry by computer hackers, or abuse of the network by third parties to gain free calls at your expense) Too often, much thought goes into improving the connectivity of networks, but too little is applied to information protection. Risks creep in, often unnoticed. We discuss next the different types of protection which are available.39.2 DIFFERENT TYPES OF PROTECTION The information conveyedacross communication networks maybeprotectedfrom external distortion or abuse by any one of four basic means (Figure 39.1). 0 encryption: coding of the information, so that only the desired sender and receiver of the information can understand it, and can tell if it has been distorted. 0 network access control, allowingonly authorized users to gain access to the communications network at its entry point. 0 path protection, permitting only authorized users to use specific network paths. 0 destination access control, allowing only authorized users to exit the network on a specific line, or to gain access to a specific user. A combination of the four different protection methods will give the maximum overall security. Methods which are available in the individual categories set out below. 2) nework access 4) destination access only possiblefrom control at the network authorised locations exit point Network Caller Destination 3) network path only infcmation , . users authorised for is encryprea Figure 39.1 Four aspects of communications security and protectionENCRYPTION 71339.3 ENCRYPTION Encryption (sometimes called scrambling) is available for the protection of both speech and data information.A cypher or electronic algorithm can be used to code the informa- tion in such a way that it appears to third parties like meaningless garbage. A com- bination of a known codeword (or combination of codewords) and a decoding formula are required at the receiving end to reconvert the message into something meaningful. The most sophisticated encryp ...