This module pinpointed the main tools, techniques, and requirements used to secure Internet, intranet, and
extranet systems from suspicious activities. By now, you should be able to:
- Explain the need for security
- Identify the characteristics of a good security plan
- Explain the basic methods used to keep connections to the Internet secure
- Describe the differences between the security needs for the Internet, intranets, and extranets
- Describe the various types of attacks that an Internet server is vulnerable to
- Describe the various types of technologies available to counteract server attacks
In this module, you were introduced to the following terms:
- Access control: The basic purpose of access control is to monitor access to information and sites.
- Firewall: Network security device that blocks a specific type of data or prevents data from specified sources from entering the network.
- Encryption: The process of disguising information to make it unreadable.
- Public-key encryption: A means to ensure user authorization. Public-key encryption has two keys: one to encrypt the material, the other to decrypt it.
- Secure Electronic Transactions (SET): A standard enabling secure credit card transactions on the Internet.
- Secure Sockets Layer (SSL): A protocol for secure network communications using a combination of public and secret key technology.
- Auditing: Reading and interpreting log files to identify hacker activity.
- Authentication: Proof that the user is who they claim to be. Generally achieved through a Digital Signature and validated through a Certificate Authority.
- Virtual Private Network (VPN): An alternative to a WAN that uses special software on client computers to connect across an intranet or the Internet to special software on a dedicated server.
- Non-repudiation: A service that documents the identities of both the sender and receiver of a data transmission so that neither can deny sending/receiving the message.
The next module is the course wrap-up.