NASA Logo, External Link
Facebook icon, External Link to NASA STI page on Facebook Twitter icon, External Link to NASA STI on Twitter YouTube icon, External Link to NASA STI Channel on YouTube RSS icon, External Link to New NASA STI RSS Feed AddThis share icon
 

Record Details

Record 66 of 15363
Practical Computer Security through Cryptography
Author and Affiliation:
McNab, David(MRJ Technology Solutions, Inc., Moffett Field, CA United States)
Twetev, David [Technical Monitor]
Abstract: The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of Sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.
Publication Date: Dec 30, 1998
Document ID:
20020080914
(Acquired Nov 01, 2002)
Subject Category: COMPUTER SYSTEMS
Document Type: Preprint
Contract/Grant/Task Num: RTOP 509-10-61
Financial Sponsor: NASA Ames Research Center; Moffett Field, CA United States
Organization Source: MRJ Technology Solutions, Inc.; Moffett Field, CA United States
Description: 1p; In English
Distribution Limits: Unclassified; Publicly available; Unlimited
Rights: No Copyright
NASA Terms: COMPUTER INFORMATION SECURITY; CRYPTOGRAPHY; VULNERABILITY; INTERNETS; PROTOCOL (COMPUTERS); COMPUTER PROGRAMS
Availability Source: Other Sources
Availability Notes: Abstract Only
› Back to Top
Find Similar Records
NASA Logo, External Link
NASA Official: Gerald Steeman
Site Curator: STI Program
Last Modified: August 22, 2011
Contact Us