
Comtrol DeviceMaster PRO - Page 68

Comtrol DeviceMaster PRO
174 pages
68 - DeviceMaster Security DeviceMaster Installation and Configuration Guide: 2000594 Rev. F
Understanding Security Methods and Terminology

Secure Config Mode
Unencrypted access to administrative and diagnostic functions is disabled. See Security Modes on Page 71 and Configure/Enable Security Features Overview on Page 79 for more information.

Secure Monitor Data Mode via Telnet
Allows monitoring of a single serial port on the DeviceMaster while the port is configured for Secure Data Mode. For more information, see the Enable Monitoring Secure Data via Telnet option on Page 81.

Man in the Middle attack
A man in the middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.
The attack gets its name from the ball game where two people try to throw a ball directly to each other while one person in between them attempts to catch it. In a man in the middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or enable the attacker to modify the message before retransmitting it.

How Public and Private Key Cryptography Works
In public key cryptography, a public and private key are created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority (CA).
The private key is given only to the requesting party and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access.
The private key is never shared with anyone or sent across the Internet. You use the private key to decrypt text that has been encrypted with your public key by someone else (who can find out what your public key is from a public directory).
Thus, if User A sends User B a message, User A can find out User B’s public key (but not User B’s private key) from a central administrator and encrypt a message to User B using User B’s public key. When User B receives it, User B decrypts it with User B’s private key. In addition to encrypting messages (which ensures privacy), User B can authenticate User B to User A (so User A knows that it is really User B who sent the message) by using User B’s private key to encrypt a digital certificate. When User A receives it, User A can use User B’s public key to decrypt it.
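
The key substitution described under Man in the Middle attack, and the check that defeats it, shown as an added example that is not part of the original guide and is not Comtrol code. It uses textbook RSA with tiny constructed primes for illustration only; the function names, the key values and the pinned-fingerprint check (User A learning the fingerprint of User B's key out of band) are assumptions of this example.

```python
import hashlib
import hmac

# Toy textbook RSA with tiny constructed primes: illustration only, never secure.
def make_keypair(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def fingerprint(public_key):
    """SHA-256 over the public key; the value User A learns out of band."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()

def encrypt(public_key, m):
    n, e = public_key
    return pow(m, e, n)

def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)

def send(message, received_key, pinned_fp=None):
    """User A encrypts to the key that arrived. If a fingerprint is pinned,
    a key that does not match it is refused before anything is encrypted."""
    if pinned_fp is not None:
        if not hmac.compare_digest(fingerprint(received_key), pinned_fp):
            raise ValueError("received public key does not match pinned fingerprint")
    return encrypt(received_key, message)

def run_scenario():
    b_pub, b_priv = make_keypair(61, 53)   # User B (constructed values)
    x_pub, x_priv = make_keypair(89, 97)   # interceptor's substituted key
    secret = 42
    # No verification: User A encrypts to the substituted key, so the
    # interceptor's private key opens the message.
    exposed = decrypt(x_priv, send(secret, x_pub)) == secret
    # Pinned fingerprint: the substituted key is rejected.
    try:
        send(secret, x_pub, pinned_fp=fingerprint(b_pub))
        rejected = False
    except ValueError:
        rejected = True
    # The genuine key passes the check and only User B can decrypt.
    delivered = decrypt(b_priv, send(secret, b_pub, fingerprint(b_pub))) == secret
    return exposed, rejected, delivered

if __name__ == "__main__":
    print(run_scenario())
```
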

Who Provides the Infrastructure?
A number of products are offered that enable a company or group of companies to implement a PKI. The acceleration of e-commerce and business-to-business commerce over the Internet has increased the demand for PKI solutions. Related ideas are the virtual private network (VPN) and the IP Security (IPsec) standard. Among PKI leaders are:
• RSA, which has developed the main algorithms used by PKI vendors.
• Verisign, which acts as a certificate authority and sells software that allows a company to create its own certificate authorities.
• GTE CyberTrust, which provides a PKI implementation methodology and consultation service that it plans to vend to other companies for a fixed price.
• Xcert, whose Web Sentry product checks the revocation status of certificates on a server, using the Online Certificate Status Protocol (OCSP).
• Netscape, whose Directory Server product is said to support 50 million objects and process 5,000 queries a second; Secure E-Commerce, which allows a company or extranet manager to manage digital certificates; and Meta-Directory, which can connect all corporate directories into a single directory for security management.
Term or Issue Explanation (Continued)