15.1 Fundamentals


The fundamental mechanisms of networks and telecommunication security can be broken down into three categories:

Physical Security
Any communication network (if not wireless) will need cables to connect the different nodes that make up the network.
These cables can be a source of information for intruders, who can interfere with the data passing through them by eavesdropping, wiretapping and bugging.
Screening the cables is a solution to these security threats, as it acts as a barrier against unwanted interference.
In a screened cable, the data cable is protected by several insulated conductors that are covered by a plastic jacket.
These insulated conductors act as a Faraday Cage that reduces the level of interference that could affect the data cable.
A more secure option than copper data cables is fibre optic. As well as being a much faster transmitter of data than copper cables, fibre optic carries a virtually zero threat of interference, as it acts as a vacuum between the outside world and the data that is being transmitted through it.

Processes
Applying processes such as cryptography, firewalls, filters and gateways is a fundamental part of networks and telecommunication security.
The process of cryptography can be further broken down into link encryption and end to end encryption.
A network that utilizes link encryption (see Figure 15.1) has an encryption and decryption device at every stage/link (connectors, routers, etc.) of the network, where the information being passed is encrypted and decrypted.
In addition to the information being encrypted and decrypted, the headers, addresses and routing data are also encrypted and decrypted at every link.
The advantage of using link encryption is that all data (information plus the packet header, addresses and routing data) are encrypted.
However, because encryption and decryption occur at every link in the network, encryption key management is more complex than in end to end encryption.

On the other hand, end to end encryption only involves the processes of encryption and decryption at the 'ends' of the network (see Figure 15.2).
The information is encrypted when it is sent from the sender and only decrypted when it has reached its destination.
Unlike link encryption, headers, addresses and routing data are not encrypted; the different links in the network just read these and pass them on to the next link until the encrypted data reaches its destination.

Key management is less complex than in link encryption.
However, a disadvantage of end to end encryption is the vulnerability to traffic analysis as the packet header is not encrypted.
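
The trade-off between the two schemes can be seen by sending one packet across three links in each mode and recording what appears on the wire and what each intermediate node holds. This is an added example, not part of the original text; the header, payload, function names and the toy SHA-256 keystream cipher (a stand-in for a real cipher) are assumptions made for illustration.

```python
import hashlib
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with a SHA-256 counter keystream. Illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(8)                      # fresh nonce per frame
    return nonce + keystream_xor(key, nonce, data)

def unseal(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:8], blob[8:])

# Constructed sample packet (hypothetical addresses and message).
HEADER = b"src=10.0.0.5;dst=10.0.9.7|"
PAYLOAD = b"wire transfer approved"

def link_encryption(hops: int):
    """One key per link; every node decrypts and re-encrypts header + payload."""
    link_keys = [os.urandom(32) for _ in range(hops)]
    on_wire, node_view = [], []
    packet = HEADER + PAYLOAD
    for i, key in enumerate(link_keys):
        frame = seal(key, packet)              # whole packet hidden on this link
        on_wire.append(frame)
        packet = unseal(key, frame)            # receiving node holds cleartext
        if i < hops - 1:                       # intermediate node, not the destination
            node_view.append(packet)
    return on_wire, node_view, len(link_keys), packet

def end_to_end_encryption(hops: int):
    """One key shared by the two ends; nodes forward using the clear header."""
    key = os.urandom(32)
    frame = HEADER + seal(key, PAYLOAD)        # header stays readable for routing
    received = unseal(key, frame[len(HEADER):])
    return [frame] * hops, [frame] * (hops - 1), 1, received

if __name__ == "__main__":
    for mode in (link_encryption, end_to_end_encryption):
        wire, nodes, keys, _ = mode(3)
        print(mode.__name__, "| keys:", keys,
              "| header visible on wire:", HEADER in wire[0],
              "| payload readable at node:", PAYLOAD in nodes[0])
```

With link encryption the header is hidden on every link but each intermediate node sees the full cleartext and a key is needed per link; with end to end encryption a single key suffices and nodes never see the payload, but the header is exposed to traffic analysis.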