Category Archives: Security

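Password-Based Encryption — PBE

PBE = Password Based Encryption. The key for this kind of algorithm can be thought of as consisting of two parts:
  1. Password — a human-readable string, relatively long-lived
  2. Salt — a piece of random information; the same random value is extremely unlikely to be used twice.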

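A Highly Recommended Sniffer: Wireshark

This sniffer can print the packets going in and out over the network and supports the entire protocol stack; it is also free and has a very nice interface. It is a big help during SSL-related development.
Some useful filters:
  1. tcp.port==8080 && http.request.method == "POST"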

Network Security Essentials — Notes10. Firewall

Firewall’s Goals
  1. All traffic must pass through the wall
  2. Only authorized traffic is allowed to pass
  3. Immune to penetration
Techniques
  1. Service Control — "This IP is blocked"
  2. Direction Control — "Currently we only allow outside traffic"
  3. User Control — "You are not allowed to get in" […]

Network Security Essentials — Notes9. DDOS

1. Distributed DoS: Attacker recruits a number of hosts to launch an attack upon the target simultaneously or in coordination
2. What is it?
  a. Classification of DDOS in terms of resource type:
    i. Attack the host (e.g. SYN attack)
    ii. Attack the network (e.g. ICMP ECHO attack)
  b. SYN flood attack […]

Network Security Essentials — Notes8. Malicious Software

Malicious Software: Virus, Worm, Trojan …
1. Division of Malicious Software
  a. Division Method #1
    i. Software that needs a host program, e.g. viruses, logic bombs, backdoors
    ii. Software that is independent, e.g. worms, zombie programs
  b. Division Method #2
    i. Software that replicates, such as viruses and worms
    ii. Software […]

Network Security Essentials — Notes6. Email Security

Two major schemes for Email Security: PGP and S/MIME
1. PGP: A package of five services
  a. Authentication — Digital Signature by HASH + RSA
  b. Confidentiality
    i. Generate a one-time symmetric key for each msg
    ii. Distribute this key by encrypting it with receiver’s public key
  c. Compression
  d. Email Compatibility
  e. Segmentation
2. S/MIME: Let’s […]

Network Security Essentials — Notes7. Web Security

Three Approaches for Web Security:
  1. IP-Level Security
  2. SSL/TLS between TCP layer and Application Layer
  3. Application-Level Security, such as PGP over SMTP and SET over HTTP
SSL/TLS
  1. History: SSL was originated by Netscape, but TLS is the Internet standard version of it. TLS is essentially SSLv3.1 and it’s compatible with SSLv3 […]

Network Security Essentials — Notes5. Authentication Applications

1. Kerberos
  a. Suitable for a distributed architecture consisting of several servers and some clients
  b. Based on symmetric key scheme
  c. A 3rd-party provides authentication service
  d. Fundamentals: It’s too complicated. Let’s forget it for now
2. X.509 Authentication Service
  a. Overview
    i. Related to directory service
    ii. A framework of […]

Network Security Essentials — Notes3. Message Authentication

1. Message Authentication
  a. Msg is not altered
  b. Msg is indeed from the alleged sender
  c. Msg has not been artificially delayed or replayed
2. Two Techniques of Authentication
  a. Encrypt the whole message before sending
     Msg is authentic <=> encrypted msg can be successfully decrypted
     Reversible Encryption/Decryption […]