Заглавная страница Избранные статьи Случайная статья Познавательные статьи Новые добавления Обратная связь FAQ Написать работу КАТЕГОРИИ: АрхеологияБиология Генетика География Информатика История Логика Маркетинг Математика Менеджмент Механика Педагогика Религия Социология Технологии Физика Философия Финансы Химия Экология ТОП 10 на сайте Приготовление дезинфицирующих растворов различной концентрацииТехника нижней прямой подачи мяча. Франко-прусская война (причины и последствия) Организация работы процедурного кабинета Смысловое и механическое запоминание, их место и роль в усвоении знаний Коммуникативные барьеры и пути их преодоления Обработка изделий медицинского назначения многократного применения Образцы текста публицистического стиля Четыре типа изменения баланса Задачи с ответами для Всероссийской олимпиады по праву Мы поможем в написании ваших работ! ЗНАЕТЕ ЛИ ВЫ?
Влияние общества на человека
Приготовление дезинфицирующих растворов различной концентрации Практические работы по географии для 6 класса Организация работы процедурного кабинета Изменения в неживой природе осенью Уборка процедурного кабинета Сольфеджио. Все правила по сольфеджио Балочные системы. Определение реакций опор и моментов защемления |
The protocol SSL and its extension PCTСодержание книги
Поиск на нашем сайте
Today the various mechanisms for the solution of the wide spectrum of problems of information safety maintenance in the INTERNET are developed. The most known and the most advanced information protecting mean is protocol Secure Socket Layer (SSL) offered by Netscape. The wide distribution of it is caused the SSL realization by the other large corporations such as the IBM, Microsoft and Spyglass. They have embedded this protocol in the applications using for systems based on architecture the client-server. The version SSL 2.0 takes into account two most important aspects of information protection in the network: authentication and enciphering. Authentication is necessary for confirmation of the fact that the user is legal, it usually needs for the user only to input the identifier (network "name") and password. However during authenticating process the intruder can "overhear" on the communication channel and intercept the user password and identifier. The mechanism of enciphering of the password and identifier before their sending via network is used for it prevention. The mechanism SSL and the authenticating methods of types PAP or CHAP that used in many remoted access systems, are mainly similar. The protection from UAA is necessary not only for user identificating data, but also for electronic mail or for confidential files loaded from FTP-server. In the SSL for these purposes is realizing the enciphering that allows to ensure the safety practically to the all information, transferred between user and server. Protocol SSL is not absolutely perfect. Some doubts concerning reliability of used enciphering mechanism are expressed. In order to correct this situation, the Microsoft has offered the extension of the protocol SSL that named PCT (Private Communications Technology). It is expected, that this new protocol will be embedded into the structure of the universal system "Information Server" for access in the INTERNET, created by Microsoft. The additional key specially intended for authentication is proposed in the PCT. Besides that the Microsoft is going to develop more proof algorithm for random numbers generation. This generator, intended for creating of enciphering key, is considered as one weaker item in the protocol SSL safety. It is mentioned, that protocol SSL even supplied with PCT options, is not capable to solve a problem of absolute safety of the information. The systems of general protection, the similar to the combination SSL and PCT only prevent an opportunity of viewing of transferring messages and data contents that may happened on communication lines. However they are not quite suitable for restriction or protection from access to the information sources. There are several groups of the INTERNET users, whose requirements are out from frameworks of standard confidentiality. For example, one of such large and influential groups — governmental structures. The absolutely reliable authentication is especially important for these structures. The critical importance for them has the guarantee that the users and information services are really legal. The system Fortezza is mechanism guaranteeing the increased information security level and more preferable to these users of the INTERNET.
COMPREHENSION CHECK Answer the questions. 1. Why should one provide the creation of information resources protecting system? 2. What types of information threats in the Internet do you know? 3. What does UAA mean? 4. How can the unauthorized access be performed? 4. What are the most widespread means for information protection? 5. What are the shortcomings of systems for protection from unauthorized users access? 6. What are the demerits of using Internet? 7. What is the most known information protecting mean? 8. Characterize the protocol SSL. Why is not SSL absolutely perfect?
|
||||
Последнее изменение этой страницы: 2016-12-10; просмотров: 622; Нарушение авторского права страницы; Мы поможем в написании вашей работы! infopedia.su Все материалы представленные на сайте исключительно с целью ознакомления читателями и не преследуют коммерческих целей или нарушение авторских прав. Обратная связь - 18.218.55.223 (0.008 с.) |