Network security

10.2 Summary of Sections 6–9

Integrity relates to assurances that a message has not been tampered with in any unauthorised way. A method of providing this assurance is to create a message digest, which gives a concise identity of the original message, and append it to the message. The message digest of the received message can then be calculated and checked for discrepancies against the digest sent. A message digest takes the form of a small fixed-length block of data known as a hash value. A hash value created by a one-way hash function is relatively easy to compute but difficult to reverse.

Time stamps, sequence numbers and nonces are used to provide assurances about the freshness of a message and help to prevent replay attacks.
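The digest check and the freshness checks summarised above, combined in one receiver, as an added example that is not part of the course text. It uses an HMAC-SHA256 keyed digest in place of the plain digest, since anyone who alters a message can recompute an unkeyed one; the shared key, the 30-second window and the names `seal` and `Receiver` are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

MAX_AGE = 30  # seconds a message counts as fresh (assumed window)


def seal(key, body, now=None):
    """Sender: attach a time stamp, a nonce and a keyed SHA-256 digest."""
    fields = {"body": body, "ts": time.time() if now is None else now,
              "nonce": os.urandom(16).hex()}
    payload = json.dumps(fields, sort_keys=True).encode()
    return {"payload": payload,
            "digest": hmac.new(key, payload, hashlib.sha256).hexdigest()}


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> time stamp, kept only while still fresh

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        expected = hmac.new(self.key, msg["payload"], hashlib.sha256).hexdigest()
        # Integrity: recompute the digest and compare in constant time.
        if not hmac.compare_digest(expected, msg["digest"]):
            return "rejected: digest mismatch"
        fields = json.loads(msg["payload"])
        # Freshness: the time stamp must fall inside the window.
        if abs(now - fields["ts"]) > MAX_AGE:
            return "rejected: stale"
        # Replay: a nonce is accepted once; expired nonces are pruned.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if fields["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[fields["nonce"]] = fields["ts"]
        return "accepted"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    rx = Receiver(key)
    m = seal(key, "transfer 10 to bob", now=1000.0)  # constructed message
    print(rx.accept(m, now=1001.0))
    print(rx.accept(m, now=1002.0))
    forged = dict(m, payload=m["payload"].replace(b"transfer 10", b"transfer 99"))
    print(rx.accept(forged, now=1003.0))
```

The nonce cache only has to remember nonces for as long as the time stamp window, because an older message is already rejected as stale.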

Message authentication can be provided by including a digest of the message encrypted by the sender's private key. The encrypted digest is known as a digital signature. The recipient decrypts the digest using the sender's public key, computes a new digest of the received message and compares the results. A certification authority is a trusted third party that is able to validate public keys by issuing a digital certificate that binds the identity of the user with the key.

The most common ways of controlling access to communication networks are restricting mechanical access and implementing password schemes and firewalls. Strong passwords can be generated provided that they contain no recognisable structure. Such passwords should be capable of withstanding, at least for a useful period of time, brute force and other computer-assisted discovery techniques. However, such passwords are difficult to remember and human factors become critical.

Firewalls are implemented to control traffic at the borders of protected networks. Three approaches are based on packet-filtering rules (packet-filtering router), application type and content (application level gateway) and validity of transport connection (circuit level gateway). These approaches in varying combinations can provide firewalls appropriate to the level of perceived threat, but sufficiently non-restricting to legitimate users of the protected networks.

T823_1
