Database Reference
In-Depth Information
second line of defense. A wrapper runs as a surrounding layer of software, wrap-
ping around other software.
For example, if a user is attempting to do a file transfer to you through FTP, the
user will first get a wrapper that would then engage FTP. The wrapper is transpar-
ent to the user. Wrappers offer a lot of flexibility. Wrappers can act like firewalls
and can refuse access based on the user sign on. Also, wrappers can give indications
on how the security system is working because they log all accesses. Another inter-
esting use for wrappers is the creation of blind alleys that can help trap intruders.
Proxy Servers
A proxy server is a computer system placed between a browser
and a Web server. The proxy server intercepts all requests to the server and deter-
mines whether the request can be approved. First, the proxy server makes a deter-
mination of whether it could fulfill the request by itself. If not, and if the request is
legitimate, the proxy server passes on the request to the Web server.
By saving the results of requests for a certain period, a proxy server is able to
fulfill requests without sending them to the regular Web server. In this way, proxy
servers can improve performance.
Proxy servers can effectively hide the actual location of data. For example, proxy
servers can point to other proxy servers. The actual data can sit far away from the
server itself. A local or remote browser connects to a server. But the server can
forward the request to another server, and the second server can forward the request
to a third server, and so on. The client cannot know where exactly the data come
from.
A separate proxy server can be assigned to each major service such as Telnet,
FTP, and so on. By doing this, you can route requests accordingly and distribute
server loads to different physical machines. In addition to the benefit of data hiding,
you also benefit from reduced load on the servers.
Digital Signatures and Digital Certificates
First, try to understand what a message digest algorithm is. Take a message in the
form of an arbitrary string and generate a fixed-length string of bits, called a digest
of the original message. An algorithm that can generate such a digest is known as
a message digest algorithm. No two messages can generate the same digest. The
digest gives no clues about the original message. We now proceed to the applica-
tion of message digests.
Digital Signatures
Similar to regular handwritten signatures, digital signatures
can be used to verify the origin of a message. A digital signature consists of two
parts: a bit string computed from the data that are being signed and the private key
of the signatory (an individual user or an organization).
Here are the main features of digital signatures:
•
You can verify the authenticity of a digital signature by applying a computa-
tion based on the corresponding public key of the user.
•
No one can forge a digital signature provided the private key has been kept
secret, as required.
Search WWH ::
Custom Search