The variation in color of human hair and mammalian fur have 在人的头发的颜色与哺乳动物毛皮的变化.docVIP

Internet Security Issues CHRISTOPHER P. AVRAM Department of Computer Technology, Monash University, 900 Dandenong Road, Caulfield East 3145, Vic., Australia Telephone: +61 3 9903 2553 FAX.: +61 3 9903 1071 E-Mail Address: C.Avram@FCIT..au ABSTRACT The evolution from private wide area networks to Intranets, that is, private local area networks interconnected with public, Internet links, has increased a number of security risks. The Internet is a loosely managed collection of cooperating parties. More than in any other computer system, security must be carefully managed. We discuss the following security issues: security as confidentiality, availability and integrity; threats; the SSL Internet security protocol; the role of certification authorities. A strong recommendation in favour of private C.A.s is made. 1. Introduction There are technical and other imperatives leading organisations to use the Internet to carry data which were once only carried over private and secure inter office links. At the same time there are increasing legal and more clearly outlined ethical reasons for organisations to provide strict security for much of this information. The world wide web protocols have been developed and software created to enable excellent levels of security. Assuming an organisation has control over the servers on which its Intranet is run, then a private certification authority can be created to provide a basic authentication service on which much of the Internet security is built. In this paper, these legal ethical and technical imperatives are outlined in the next section. The current trend toward Intranets is outlined in section 3. In section 4 we briefly outline current network security measures and some threats to Intranet security. Public key cryptography and X.509 certificates are briefly described in section 5 and followed in section 6 by the options available to an organisation for the choice of certification authority. 2. The security imperatives In t