Networking

PasswordsThe Last Word

One last password-related topic is worth mentioning. A password is effective only if just the intended users have it. As soon as a password is given to someone else, its effectiveness as an authentication mechanism is diminished. As a tool for accountability, the password is almost useless. Passwords are a means of accessing a system and the data on it. Passwords that are known by anyone other than the intended user(s) might as well not be set at all.

Encryption

Encryption is the process of encoding data so that, without the appropriate unlocking code, the encrypted data can't be read. Encryption is used as a means of protecting data from being viewed by unauthorized users. If you have ever used a secure website, you have used encryption.

On private networks, encryption is generally not a very big issue. Modern network operating systems often invisibly implement encryption so that passwords are not transmitted openly throughout the network. On the other hand, normal network transmissions are not usually encrypted, although they can be if the need arises. A far more common use for encryption is for data that is sent across a public network such as the Internet or across wireless networks where outside users might be able to gain access to the data. In both of these cases, there is plenty of opportunity for someone to take the data from the network and then read the contents of the packets. This process is often referred to as packet sniffing.

By sniffing packets from the network and reading their contents, unauthorized users can gain access to private information. They can also alter the information in the packet. Therefore, the stronger the encryption method that is used, the better protected the data is.

A number of encryption methods are commonly used, including

  • IP Security (IPSec)

  • Secure Sockets Layer (SSL)

  • Triple Data Encryption Standard (3DES)

  • Pretty Good Privacy (PGP)