Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Internet security
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Countermeasures== ===Network layer security=== [[TCP/IP]] protocols may be secured with [[Cryptography|cryptographic]] methods and [[Cryptographic protocol|security protocols]]. These protocols include [[Secure Sockets Layer]] (SSL), succeeded by [[Transport Layer Security]] (TLS) for [[web traffic]], [[Pretty Good Privacy]] (PGP) for email, and [[IPsec]] for network layer security.<ref>{{Cite web|url=https://www.tdktech.com/tech-talks/securing-the-network-layer-against-malicious-attacks/|title=Securing the Network Layer Against Malicious Attacks|date=October 27, 2020|website=TDK Technologies}}</ref> ===Threat modeling=== Threat Modeling tools helps you to proactively analyze the cyber security posture of a system or system of systems and in that way prevent security threats. ===Multi-factor authentication=== {{Main|Multi-factor authentication}} [[Multi-factor authentication]] (MFA) is an [[access control]] method in which a [[User (computing)|user]] is granted access only after successfully presenting separate pieces of evidence to an [[authentication]] mechanism β two or more from the following categories: knowledge (something they know), possession (something they have), and inference (something they are).<ref>{{Cite web|title = Two-factor authentication: What you need to know (FAQ) β CNET|url = https://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/|website = CNET|access-date = 2015-10-31}}</ref><ref>{{Cite web|url=https://www.iphonebackupextractor.com/blog/extract-data-two-factor-authentication/|title=How to extract data from an iCloud account with two-factor authentication activated|website=iphonebackupextractor.com|access-date=2016-06-08}}</ref> Internet resources, such as websites and email, may be secured using this technique. ===Security token=== {{Main|Security token}} Some online sites offer customers the ability to use a six-digit code which randomly changes every 30β60 seconds on a physical [[security token]]. The token has built-in computations and manipulates numbers based on the current time. This means that every thirty seconds only a certain array of numbers validate access. The website is made aware of that device's serial number and knows the computation and correct time to verify the number. After 30β60 seconds the device presents a new random six-digit number to log into the website.<ref>{{cite web|url=https://searchsecurity.techtarget.com/definition/security-token|title= What is a security token?|publisher=SearchSecurity.com|author=Margaret Rouse|date=September 2005|access-date=2014-02-14}}</ref> ===Electronic mail security=== ====Background==== [[Email]] messages are composed, delivered, and stored in a multiple step process, which starts with the message's composition. When a message is sent, it is transformed into a standard format according to <nowiki>RFC 2822</nowiki>.<ref>{{Cite journal|last=Resnick|first=Peter W.|editor-first1=P |editor-last1=Resnick |title=Internet Message Format|url=https://tools.ietf.org/html/rfc2822.html|access-date=2021-05-01|website=tools.ietf.org|year=2001 |doi=10.17487/RFC2822 |language=en|doi-access=free}}</ref> Using a network connection, the mail client sends the sender's identity, the recipient list and the message content to the server. Once the server receives this information, it forwards the message to the recipients. ==== Pretty Good Privacy (PGP) ==== {{Main|Pretty Good Privacy}} [[Pretty Good Privacy]] provides confidentiality by encrypting messages to be transmitted or data files to be stored using an encryption algorithm such as [[Triple DES]] or [[CAST-128]]. Email messages can be protected by using cryptography in various ways, such as the following: *[[Digital signature|Digitally signing]] the message to ensure its integrity and confirm the sender's identity. *Encrypting the message body of an email message to ensure its confidentiality. *Encrypting the communications between mail servers to protect the confidentiality of both message body and message header. The first two methods, message signing and message body encryption, are often used together; however, encrypting the transmissions between mail servers is typically used only when two organizations want to protect emails regularly sent between them. For example, the organizations could establish a [[virtual private network]] (VPN) to encrypt communications between their mail servers.<ref>{{cite web|url=http://itcd.hq.nasa.gov/networking-vpn.html|title=Virtual Private Network|publisher=NASA|access-date=2014-02-14|archive-url=https://web.archive.org/web/20130603122059/http://itcd.hq.nasa.gov/networking-vpn.html|archive-date=2013-06-03}}</ref> Unlike methods that only encrypt a message body, a VPN can encrypt all communication over the connection, including email header information such as senders, recipients, and subjects. However, a VPN does not provide a message signing mechanism, nor can it provide protection for email messages along the entire route from sender to recipient. ==== Message Authentication Code ==== {{Main|Message Authentication Code}} A [[Message authentication code]] (MAC) is a cryptography method that uses a [[Key (cryptography)|secret key]] to digitally sign a message. This method outputs a MAC value that can be decrypted by the receiver, using the same secret key used by the sender. The Message Authentication Code protects both a message's [[data integrity]] as well as its [[Message authentication|authenticity]].<ref>{{cite web|url=http://www.wisegeek.com/what-is-a-message-authentication-code.htm |title=What Is a Message Authentication Code? |publisher=Wisegeek.com |access-date=2013-04-20}}</ref> === Firewalls === {{Main|Firewall (computing)}} A [[firewall (computing)|computer firewall]] controls access to a single computer. A network firewall controls access to an entire network. A firewall is a security device β computer hardware or software β that filters traffic and blocks outsiders. It generally consists of gateways and filters. Firewalls can also screen network traffic and block traffic deemed unauthorized. ====Web security==== Firewalls restrict incoming and outgoing [[network packet]]s. Only authorized traffic is allowed to pass through it. Firewalls create checkpoints between networks and computers. Firewalls can block traffic based on IP source and TCP port number. They can also serve as the platform for IPsec. Using tunnel mode, firewalls can implement VPNs. Firewalls can also limit network exposure by hiding the internal network from the public Internet. ====Types of firewall==== ===== Packet filter ===== A packet filter processes network traffic on a packet-by-packet basis. Its main job is to filter traffic from a remote IP host, so a router is needed to connect the internal network to the Internet. The router is known as a [[screening router]], which screens packets leaving and entering the network. ===== Stateful packet inspection===== In a [[stateful firewall]] the [[circuit-level gateway]] is a [[proxy server]] that operates at the network level of an [[OSI model|Open Systems Interconnect (OSI) model]] and statically defines what traffic will be allowed. Circuit proxies forward [[network packet]]s (formatted data) containing a given port number, if the [[Port (computer networking)|port]] is permitted by the [[algorithm]]. The main advantage of a proxy server is its ability to provide [[Network Address Translation]] (NAT), which can hide the user's IP address from the Internet, effectively protecting internal information from the outside. ===== Application-level gateway ===== An [[application-level firewall]] is a third-generation firewall where a [[proxy server]] operates at the very top of the OSI model, the [[Internet protocol suite|IP suite]] application level. A network packet is forwarded only if a connection is established using a known protocol. Application-level gateways are notable for analyzing entire messages rather than individual packets. === Browser choice === {{main|Browser security}} Web browser market share predicts the share of hacker attacks. For example, [[Internet Explorer]] 6, which used to lead the market,<ref name="browser stats">{{cite web|url=https://www.w3schools.com/browsers/default.asp|title= Browser Statistics|publisher=W3Schools.com|access-date=2011-08-10}}</ref> was heavily attacked.<ref name="time to drop IE6">{{cite web|url=https://www.pcworld.com/article/191356/its_time_to_finally_drop_internet_explorer_6.html|title=It's Time to Finally Drop Internet Explorer 6|author=Bradly, Tony|publisher=PCWorld.com|access-date= 2010-11-09}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)