DMC ITSY 2400 - Chapter 3 Security Through Authentication and Encryption

This preview shows page 1-2-3 out of 9 pages.


- Chapter Overview
- Learning Objectives
- Lecture Notes
- Quick Reference: Discuss the example that demonstrates a hashing algorithm on page 99 of the text.
- Quick Reference: Discuss the different types of hashing algorithms listed on pages 100 and 101 of the text.
- Quick Reference
- Quick Reference: Discuss the options that are available for configuring Kerberos in Windows 2000 Server and Windows Server 2003 as shown in Figure 3-4 on page 112 of the text.
- Extensible Authentication Protocol
- Quick Reference: Discuss the two advantages of using security tokens listed on page 116 of the text.
- IP Security
- Quick Reference: Describe the various fields contained in the ESP as listed on pages 119 and 120 of the text.
- Attacks on Encryption and Authentication
- Quick Reference: Discuss some basic guidelines for resisting attacks as illustrated on page 121 of the text.
- Discussion Questions
- Additional Activities

Instructor: Prof. Michael P. Harris, CCNA CCAI, Chapter 3
ITSY 2400 – Operating Systems Security: Security Through Authentication and Encryption

Operating Systems Security - Chapter 3
Security Through Authentication and Encryption

Chapter Overview
In this chapter, students learn about several encryption methods and how operating systems use them. They also learn how systems authenticate one another, to be sure they are communicating with the right system, and they configure Kerberos authentication logon security. In addition, students find out how to use IP Security to keep a TCP/IP network secure, and they learn about some typical methods attackers use to defeat encryption and authentication.

Learning Objectives
After reading this chapter and completing the exercises, students will be able to:
- Explain encryption methods and how they are used
- Describe authentication methods and how they are used
- Explain and configure IP Security
- Discuss attacks on encryption and authentication methods

Lecture Notes

Encryption Methods
Encryption is the use of a secret code or other means to disguise data that is stored on a computer or transported across a network. Encryption makes data unintelligible to everyone except its intended recipients. Data may be encrypted as a file on a computer, or it may be encrypted before it is sent across a network. Attackers routinely eavesdrop on networks, and as with the old telephone party lines, it may be difficult to determine if someone is listening. Attackers use listening devices and software, often called sniffers, that can capture information sent across a network. Sniffer software turns the NIC on its host computer into a virtual "listening ear," capturing the network traffic that goes across that NIC on a particular network segment. Many encryption techniques designed to help protect stored or transmitted data are listed on page 97 of the text.

Michael Palmer, GUIDE TO Operating Systems Security, Thompson/Course Technology ©2004, ISBN: 0-619-16040-3

Stream Cipher and Block Cipher
Stream cipher and block cipher are two basic ways to accomplish encryption. In stream cipher, every bit in a stream of data is encrypted. Also, in some forms of stream cipher, the encryption of each bit can involve a different key. Using stream cipher is extremely secure because it would take so long to decrypt every bit, particularly using a different key for each one. In the block cipher method, a block of data is encrypted. Also, a specific key size is used.
The block cipher method is commonly used because it has less overhead than the stream cipher method, but still provides solid security.

Secret Key Encryption
The secret key encryption method involves keeping the encryption key secret from public access, particularly over a network connection. Further, the same key is used to both encrypt and decrypt data, which is also called symmetrical encryption. The advantage of secret key encryption is that the process is kept simple, because the source that encrypts the data and the target that decrypts it both use the same key. The disadvantage is that, in network communications, both the source and the target must go to great lengths to keep the key secret.

Public Key Encryption
Public key encryption uses a public key and a private key combination. The public key can be communicated over an unsecured connection, but the private keys used by the sender and the receiver are never shared in this way. One key is used to encrypt the data, and the other key is used to decrypt it, which makes this method asymmetric encryption. The public key/private key method uses an encryption algorithm developed by Whitfield Diffie and Martin Hellman, involving the use of prime numbers and numbers that are nearly prime numbers.

Hashing
Hashing involves using a one-way function to mix the contents of a message or of data, either by scrambling it, associating it with a unique digital signature, or making it an unintelligible entry in a table, such as a table that stores passwords. In hashing, the mathematical function that calculates the hash, called the hashing algorithm, works on only one side of a two-way communication.

Quick Reference: Discuss the example that demonstrates a hashing algorithm on page 99 of the text.

Hashing is often used to create a digital signature. Server systems such as Windows NT/2000/2003 can use hashing to create digital signatures that are associated with the passwords of user accounts and placed in a table.
In addition to using digital signatures with passwords, another classic way of checking the accuracy of data sent over a network is to use a checksum. One method of calculating a checksum is to add each bit in the data stream into a binary total.

There are several typically used hashing algorithms:
- Message Digest 2 (MD2)
- Message Digest 4 (MD4)
- Message Digest 5 (MD5)
- Secure Hash Algorithm 1 (SHA-1)

Quick Reference: Discuss the different types of hashing algorithms listed on pages 100 and 101 of the text.

