Internet Security PGP Pretty Good Privacy PGP is

Internet Security

PGP – Pretty Good Privacy PGP is a security technology which allows us to send email that is authenticated and/or encrypted. Authentication confirms the identity of the sender or a message. Encryption scrambles the contents of a message so that only the intended recipients can read it. Each user of PGP has a public and a private key. They are generated in matched pairs: a public key only ever works with its twin private key. A user's public key is not a secret and can be distributed widely. A user's private key however must be kept secret, and is protected by a pass phrase (like a password but longer). 2

PGP – Pretty Good Privacy A public key is used in two ways: Alice can authenticate a signed message from Bob using his public key. If the message matches Bob's public key then Alice can be sure that the message came from Bob. Alice can send a secure message to Bob by encrypting the message using Bob's public key. The only person who can decrypt the message is Bob. A private key also has two uses: Bob can send an authenticated message to Alice by signing it with his private key. Since Bob is the only person who has his private key (and the pass phrase that protects it), Alice knows that if the message matches Bob's public key, then it must have been sent by Bob can read a secure message sent by Alice by decrypting it with his private key. 3

SSL (Secure Sockets Layer) The SSL (Secure Sockets Layer) Handshake Protocol was developed to provide security and privacy over the Internet. The SSL protocol runs in a "layer" above TCP/IP and below higher-level protocols such as HTTP or IMAP. The SSL protocol is able to negotiate encryption keys as well as authenticate the server before data is exchanged by the higher -level application. The SSL protocol maintains the security and integrity of the transmission channel by using encryption, authentication and message authentication codes. 4

HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL. HTTPS encrypts and decrypts the page requests and page information between the client browser and the web server using a secure Socket Layer (SSL). SSL transactions are negotiated by means of a keybased encryption algorithm between the client and the server. 5

IPsec Short for IP Security, IPsec is a set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet. 6

SET – Secure Electronic Transactions Short for Secure Electronic Transaction, a standard that will enable secure credit card transactions on the Internet. SET has been endorsed by virtually all the major players in the electronic commerce arena, including Microsoft, Netscape, Visa, and Mastercard. By employing digital signatures, SET will enable merchants to verify that buyers are who they claim to be. It will protect buyers by providing a mechanism for their credit card number to be transferred directly to the credit card issuer for verification and billing without the merchant being able to see the number. 7