Linux Security: Kinds of Encryption
by Mark G. Sobell - Author's Homepage - Thursday, 17 April 2003.
This is an excerpt from "A Practical Guide to Red Hat Linux 8". An interview with the author is available here.

Security

Security is a major part of the foundation of any system that is not totally cut off from other machines and users. Some aspects of security have a place even on isolated machines. Examples are periodic system backups, BIOS or power-on passwords, and self-locking screensavers.

A system that is connected to the outside world requires other mechanisms to secure it: tools to check files (tripwire), audit tools (tiger/cops), secure access methods (kerberos/ssh), services that monitor logs and machine states (swatch/watcher), packet-filtering and routing tools (ipfwadm/iptables/ipchains), and more.

System security has many dimensions. The security of your system as a whole depends on the security of individual components, such as your e-mail, files, network, login and remote access policies, as well as the physical security of the host itself. These dimensions frequently overlap, and their borders are not always static or clear. For instance, e-mail security is affected by the security of files and your network. If the medium (the network) over which you send and receive your e-mail is not secure, you must take extra steps to ensure the security of your messages. If you save your secure e-mail into a file on your local system, you rely on the filesystem and host access policies for file security. A failure in any one of these areas can start a domino effect, diminishing reliability and integrity in other areas and potentially compromising system security as a whole.

This short appendix cannot cover all the facets of system security but does provide an overview of the complexity of setting up and maintaining a secure system. This appendix provides some specifics, concepts, guidelines to consider, and many pointers to security resources.

Other Sources of System Security Information

Depending on how important system security is to you, you may want to purchase one or more of the books dedicated to system security, read from some of the Internet sites that are dedicated to security, or hire someone who is an expert in the field. Do not rely on this appendix as your sole source of information on system security.

Encryption

One of the building blocks of security is encryption, which provides a means of scrambling data for secure transmission to other parties. In cryptographic terms, the data or message to be encrypted is referred to as plaintext, and the resulting encrypted block of text as ciphertext. A number of processes exist for converting plaintext into ciphertext through the use of keys, which are essentially random numbers of a specified length used to lock and unlock data. This conversion is achieved by applying the keys to the plaintext by following a set of mathematical instructions, referred to as the encryption algorithm.

Developing and analyzing strong encryption software is extremely difficult. There are many nuances and standards governing encryption algorithms, and a background in mathematics is requisite. Also, unless an algorithm has undergone public scrutiny for a significant period of time, it is generally not considered secure; it is often impossible to know that an algorithm is completely secure but possible to know that one is not secure. Time is the best test of an algorithm. Also, a solid algorithm does not guarantee an effective encryption mechanism, as the fallibility of an encryption scheme frequently lies in problems with implementation and distribution.

Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //