Discuss the security of communications channels. Include ...

[Chloeellawright]

Discuss the security of communications channels. Include definitions and explanations for the terms Secure Sockets Layer/Transport Layer Security (SSL/TLS), secure negotiated session, session key, and VPN.
 
  What will be an ideal response?

Question 2

To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use:
 
  A) access controls.
  B) an authorization management system.
  C) security tokens.
  D) an authorization policy.

[robbielu01]

Answer to Question 1

The Secure Sockets Layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) communications protocol is the main method for securing communications channels on the Web. When you receive a message from a web server then you will be communicating through a secure channel; this means that SSL/TLS will be used to establish a secure negotiated session. A secure negotiated session is a client-server session in which the URL of the requested document, its contents, and the contents of the forms filled out by the user on the page, as well as the cookies that are exchanged, are all encrypted. The browser and the server exchange digital certificates with one another, determine the strongest shared form of encryption, and begin communicating using a unique symmetric encryption key, agreed upon for just this encounter. This is called a session key. SSL/TLS provides data encryption, server authentication, optional client authentication (as yet still rare for individual users), and message integrity for the TCP/IP connections between two computers.

SSL/TLS addresses the threat of authenticity by allowing users to verify another user's identity or the identity of a server. It also protects the integrity of the messages exchanged. However, once the merchant receives the encrypted credit and order information, that information is typically stored in unencrypted format on the merchant's servers. While SSL/TLS provides secure transactions between merchant and consumer, it only guarantees server-side authentication. Client authentication is optional. In addition, SSL/TLS cannot provide irrefutability  consumers can order goods or download information products and then claim the transaction never occurred.

Virtual private networks (VPNs) enable remote users to access an internal network from the Internet. They use protocols to create a private connection between a user on a local ISP and a private network. This process is called tunneling because it creates a private connection by adding an encrypted wrapper around the message to hide its content. It is called virtual because it appears to be a dedicated secure line when in fact it is a temporary secure line. VPNs are used primarily for transactions between business partners because dedicated connections can be very expensive. The Internet and VPNs can be used to significantly reduce the costs of secure communications.

Answer to Question 2

B

[Chloeellawright]

Excellent

[mjenn52]

Gracias!