Tuesday, December 21, 2010

SECURITY RISKS OF INBOUND SERVICES

Why authenticate at all? The Internet is a public network, open to anyone anywhere in the world who wants to join. The sheer size of this network brings both benefits and losses. We often hear and read about break-ins into banks' financial computer systems, the Pentagon's classified information, or databases of students' academic transcripts. That sentence alone is enough to justify the statement that we should be 'vigilant' against the 'evil' ones and always try to minimize their chances of carrying out their intentions. It is easy to rule out infiltration (illegal access) from outside by closing every inbound service channel into the internal network. But doing so throws away the main advantages of a network: communication and the use of shared resources (resource sharing). So the natural consequence of running a sufficiently large network is to accept this risk and try to minimize it, not to eliminate it.

We will start from a network administrator (NA) who has done a good job of preparing 'defenses' for all services: inbound, outbound and anonymous. A few additional points still need to be kept in mind. Is the defense strong enough against theft of a connection (hijacking attack)? Has it taken into account the possibility of illegal monitoring of the packets being sent (packet sniffing, playback attack)? Does it include readiness against actual illegal access inside the system (false authentication)?
Hijacking usually happens on the computers that connect to our network, although in some rare cases it can occur at any point along the path. So it is sensible for an NA to consider granting trusted access only from computers whose security is at least comparable to, or perhaps 'stronger' than, that of the network under their responsibility. The effort to minimize the chance of this disaster can also be made by configuring the packet filter well, or by using a modified server. For example, we can offer an anonymous-FTP facility to any computer anywhere, but grant authenticated FTP only to the hosts on the 'trusted' list. Hijacking in the middle of the path can be avoided by using encryption between networks (end-to-end encryption).
The confidentiality of data and passwords is also a topic of security design. Programs dedicated to packet sniffing can automatically display the contents of every data packet exchanged between client and server. Passwords can be protected from this kind of crime by implementing single-use (non-reusable) passwords, so that even if they are captured by a sniffer, the password cannot be used again.
The risk of hijacking and of sniffing data (as opposed to passwords) cannot be avoided entirely. This means the NA must consider this possibility and optimize so that its chance becomes smaller. Restricting the number of accounts with full access, and restricting the hours in which remote access is allowed, is one form of such optimization.
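The single-use password idea above is what HMAC-based one-time passwords (HOTP, RFC 4226) implement: each code is derived from a shared secret and a counter, and the server refuses any counter value it has already consumed. The following is an added example written for this page, not code from the original post. The secret, the look-ahead window of 3 and the replay scenario are constructed for illustration; the secret `12345678901234567890` is the RFC 4226 test key, so the first codes it produces are the published test vectors.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    ) % (10 ** digits)
    return f"{code:0{digits}d}"


class OtpServer:
    """Server-side verifier: accepts a code only once and never an older counter."""

    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.counter = 0          # next counter value the server is willing to accept
        self.window = window      # tolerate a client that is a few steps ahead

    def verify(self, submitted: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), submitted):
                # Consume this counter: it and everything before it are now dead.
                self.counter = c + 1
                return True
        return False


def sniffed_password_replay(secret: bytes = b"12345678901234567890") -> dict:
    """Constructed scenario: a sniffer captures one code and tries to reuse it."""
    server = OtpServer(secret)
    client_counter = 0

    first_code = hotp(secret, client_counter)       # legitimate login
    first_login = server.verify(first_code)
    client_counter += 1

    replay = server.verify(first_code)              # sniffer replays the same code

    next_code = hotp(secret, client_counter)        # legitimate user logs in again
    next_login = server.verify(next_code)

    return {
        "first_code": first_code,
        "first_login": first_login,
        "replay_accepted": replay,
        "next_login": next_login,
    }


if __name__ == "__main__":
    print(sniffed_password_replay())
```

The sniffer still sees the password on the wire; the defensive property is that the server's counter has moved on, so the captured value no longer authenticates anyone. A real deployment also rate-limits failed attempts and keeps the window small, since a large window widens the space a guesser can hit.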
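The two optimizations the post describes, anonymous FTP for anyone but authenticated service only from the 'trusted' host list, and a small set of full-access accounts confined to fixed remote-access hours, can be expressed as one inbound policy decision. The following is an added example written for this page, not the post's own configuration or any particular packet filter's syntax. The trusted networks, account names, hours and sample connection attempts are all constructed (documentation address ranges from RFC 5737).

```python
import ipaddress
from datetime import datetime, time

# Constructed trust list: networks whose security is at least comparable to ours.
TRUSTED_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.10/32"),
]

# Constructed: the few accounts that hold full access, and the only hours
# during which they may come in from outside.
FULL_ACCESS_ACCOUNTS = {"root", "backup-admin"}
REMOTE_ADMIN_HOURS = (time(8, 0), time(18, 0))


def is_trusted(src_ip: str) -> bool:
    """True when the source address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_NETS)


def decide(src_ip: str, service: str, account: str, when: datetime) -> tuple:
    """Return ("allow" | "deny", reason) for one inbound connection attempt."""
    # Anonymous FTP is the one service offered to any computer anywhere.
    if service == "ftp" and account == "anonymous":
        return ("allow", "anonymous ftp is open to any host")
    # Every authenticated service is restricted to the trusted host list.
    if not is_trusted(src_ip):
        return ("deny", f"authenticated {service} only from trusted hosts")
    # Full-access accounts are further confined to the remote-access window.
    if account in FULL_ACCESS_ACCOUNTS:
        start, end = REMOTE_ADMIN_HOURS
        if not (start <= when.time() < end):
            return ("deny", "full-access account outside remote-access hours")
    return ("allow", "trusted host, account permitted")


# Constructed sample of inbound attempts: (source, service, account, timestamp).
SAMPLE_ATTEMPTS = [
    ("203.0.113.7", "ftp", "anonymous", datetime(2010, 12, 21, 3, 0)),
    ("203.0.113.7", "ftp", "alice", datetime(2010, 12, 21, 3, 5)),
    ("192.0.2.15", "ftp", "alice", datetime(2010, 12, 21, 10, 0)),
    ("192.0.2.15", "ssh", "root", datetime(2010, 12, 21, 23, 30)),
    ("198.51.100.10", "ssh", "root", datetime(2010, 12, 21, 9, 15)),
]


def evaluate_all(attempts=SAMPLE_ATTEMPTS) -> list:
    """Apply the policy to each attempt; returns [(source, account, decision), ...]."""
    return [(src, acct, decide(src, svc, acct, when)[0])
            for src, svc, acct, when in attempts]


if __name__ == "__main__":
    for src, svc, acct, when in SAMPLE_ATTEMPTS:
        print(src, svc, acct, when.time(), decide(src, svc, acct, when))
```

Keeping the decision in one function makes the policy reviewable as a whole and easy to log: each deny carries its reason, so the NA can later see whether a refused connection was an untrusted source or a privileged account outside hours, which is the kind of signal that reveals a hijacking attempt from an otherwise trusted host.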
