Lecture 24: Secure Communications

Today's lecture focused primarily on the topic of Secure Communications. We started by discussing why hackers generally break into organizations from the outside: because they are seeking a challenge, they are seeking fame, monetary interests, or ideological reasons. However, most hackers are internal to the network they are trying to hack. We were informed of some basic network security threats, including interception, impostors, remotely logging in as the root user, and threats against content. We then were given some detail on a popular type of attack called a "Replay Attack", where an attacker intercepts a message, and then "replays" that message, potentially resending login information and gaining unauthorized access. A simple way to protect against this type of attack is to implement a time stamp into each message. We were also told of some popular denial of service attacks, including transmission failure, connection flooding, and distributed denial of service. VPNs are also a security concern, given the nature of what they do. We went over a few topics on how VPNs work. Also, quite a large portion of this lecture was spent discussing IPsec, which basically is a form of IP security which allows for secure transmission of information over IP networks. This is necessary because normal IP has no security. The lecture concluded with mentioning that network security is only one piece of the puzzle--many other areas of vulnerability should be addressed to achieve the coveted state of being "totally secure".