Computer Sciences and Information Technology
In a managers’ meeting between the information technology administrator, the lead for the consultant group, and the dean of information technology, it is apparent that a review of the computer and network infrastructure has not been done for a year concerning the use of cryptography and distributed system authentication. The dean of IT has asked for a checklist provided to the university recommending the security hardware and software needed to secure organizational computer systems. The recommendation should include the correct cryptographic algorithms and devices that must be deployed to secure the organizational network. The checklist should address the following:
Hardware and software
Skill sets needed for the implementation of security and authentication mechanisms
Policies needed relative to encryption and decryption
Comparisons between cryptography, hashing, symmetric encryption, asymmetric encryption, and public key infrastructure (PKI)
Be sure to document your references using APA format.
The security of network distributions can be achieved through various options of security mechanisms. Network security promotes the privacy of information, which is made available only to authorized users. Data is compromised when it is exposed to unauthorized persons who can modify it in improper ways. Guaranteed security can be enforced by various kinds of controls, such as the authentication and identification of different machines and users. Encryption techniques can also be used to protect the network or data storage mechanisms, as can audit and control. These protection measures can be carried out in an organization through regular practices and user training.
To protect the software, protection methods such as authentication are used, which ensure the validity of the message being transmitted. Authentication can also be used to protect the hardware, because the procedure establishes the validity of two parties, which can be one user and another user or one computer and another (Welch et al., 2013). Hardware security is the protection of the physical device, while software security is the protection of the installed internal devices. Access control can be applied to evaluate a user's request for access to data and resources in the system. Software can be installed to enforce the necessary policies for denying or granting access to the system. The audit measure examines the policies, controls and procedures that ensure compliance, and examines the system's activities to establish the adequacy of the system controls. The authentication process can be applied to both the software and the hardware because it establishes identity between one party and another. Other hardware security modules include cryptographic keys for encryption and decryption.
Authentication mechanisms can be based on information that the user knows, such as a password or PIN. The PIN or password can be stored in encrypted form, and the user is expected to enter a value whose encryption matches the stored encryption in the system for authentication to succeed. Passwords are considered the easiest and cheapest means of authentication. However, passwords must be kept private to avoid attacks and the compromise of the various accounts. Authentication can also be based on what the user possesses, such as a token that holds a unique cryptographic key, making it easily identifiable by the computer. Moreover, authentication through cryptographic tokens is stronger than password authentication and so gives better control of identity (Stallings, 2016). Cryptography-enabled security allows complex authentication over an insecure channel in a way that a potential adversary cannot comprehend. End-to-end cryptography maximizes the data protection of a system regardless of the location of the data. The basics of encryption and cryptography rest on a cipher, also known as a mathematical algorithm, that makes the authentic information a secret. For a cryptographic algorithm to work, it requires a code or key to make the needed information accessible (Karygiannis & Owens, 2012). Encryption development should be a big part of the organization's overall network risk management. However, encryption-based authentication such as tokens may be risky because the authentication identifies only the token and not the user. Therefore, the token may be forged, stolen or lost, allowing another user to masquerade as the legitimate user.
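The password check described above, as an added example that is not part of the original essay. It stores a salted PBKDF2-HMAC-SHA-256 hash in place of the "encrypted form" the paragraph mentions; the record layout, the function names and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"        # assumed label for the record format
DEFAULT_ITERATIONS = 200_000    # assumed work factor; tune to your hardware
MAX_ITERATIONS = 10_000_000     # refuse absurd values in a tampered record

def enroll(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return the string to store: scheme$iterations$salt$derived-key."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${derived.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute the derived key from the entered password and compare."""
    try:
        scheme, iters, salt_hex, derived_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(derived_hex)
    except ValueError:
        return False                # malformed record: fail closed
    if scheme != SCHEME or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    stored = enroll("correct horse battery staple")  # constructed sample
    print(stored.split("$")[:2])
    print(verify("correct horse battery staple", stored))  # True
    print(verify("Correct horse battery staple", stored))  # False
```

The system never needs to recover the password itself; it only needs the stored record, which is why a database holding these records exposes less than one holding reversibly encrypted passwords.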
The policies that govern encryption include the decision on what to encrypt. The decision is based on the structured and unstructured data sets, depending on the data storage method and the risk level of the particular organization's information (Stallings, 2016). Data in motion, data at rest and data in use are the basic data states that may require encryption through their life cycle, and they require different security methodologies. Encrypting a system takes time because of the various techniques and data sets at hand, so it is key to build a strategy before the encryption. The strategy should include data classification, collaboration with the management team and key management.
Cryptography is a confidential message that can be transmitted through encryption using meaningless keys that can be converted or reversed to be meaningful again using the same keys in a process called decryption. The process of encryption involves a plaintext, which is formatted for the encryption process by using a block cipher. Key sequences are then extracted from it, transforming the plaintext into ciphertext. Symmetric encryption uses shared keys that can be used to decrypt or encrypt traffic. Some of the common algorithms used in symmetric encryption include DES, AES, 3DES and RC4 (Welch et al., 2013). The algorithms are easy to implement due to their low complexity. On the other hand, asymmetric encryption differs from symmetric encryption because it uses two keys for encryption and decryption. One of the algorithms used in this type of encryption is RSA. Also, asymmetric encryption is much slower and more complex than symmetric encryption. The major strength of asymmetric encryption is its ability to secure non-secure mediums such as the internet. Hashing differs from all these types of encryption because it does not follow the two-step process of encryption and decryption. Instead, hashing condenses the message into a hash, which is an irreversible, fixed-length value. Some of the common hashing algorithms include SHA-1 and MD5. However, it is impossible to retrieve the original message from a hash; therefore, a hash is only used to verify data. Hash secret keys and algorithms are mainly used for error checking.
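Using a hash to verify data, with and without a secret key, as an added example that is not part of the original essay. It uses SHA-256 rather than the SHA-1 and MD5 the paragraph names; the function names and the sample record are constructed for this sketch.

```python
import hashlib
import hmac
import secrets

def digest(message: bytes) -> bytes:
    """Unkeyed hash: fixed-length output, no way back to the message."""
    return hashlib.sha256(message).digest()

def tag(key: bytes, message: bytes) -> bytes:
    """Keyed hash (HMAC): only holders of the key can produce this value."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_tag(key: bytes, message: bytes, received: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag(key, message), received)

def integrity_demo() -> dict:
    key = secrets.token_bytes(32)        # shared secret, never sent with data
    original = b"student=1001;grade=B"   # constructed sample record
    altered = b"student=1001;grade=A"    # same record after modification

    stored_digest = digest(original)
    stored_tag = tag(key, original)
    return {
        # 32 bytes out whether the input is empty or 20 kB long.
        "fixed_length": len(digest(b"")) == len(digest(original * 1000)) == 32,
        # A bare digest catches accidental changes (error checking)...
        "digest_detects_change": digest(altered) != stored_digest,
        # ...but it involves no secret, so a digest stored beside the data
        # can simply be recomputed by whoever rewrote the data.
        "digest_needs_no_secret": digest(altered) == hashlib.sha256(altered).digest(),
        # The keyed tag for the original does not validate the altered
        # record, and a new valid tag cannot be made without the key.
        "hmac_rejects_altered": not verify_tag(key, altered, stored_tag),
        "hmac_accepts_original": verify_tag(key, original, stored_tag),
        "wrong_key_rejected": not verify_tag(
            secrets.token_bytes(32), original, stored_tag),
    }

if __name__ == "__main__":
    for name, ok in integrity_demo().items():
        print(f"{name}: {ok}")
```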
Karygiannis, T., & Owens, L. (2012). Wireless network security. NIST special publication, 800, 48.
Stallings, W. (2016). Cryptography and Network Security, 4/E. Pearson Education India.
Welch, V., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., … & Tuecke, S. (2013). Security for grid services. arXiv preprint cs/0306129.