The host file can be found in any system hooking up to the Internet and can be a useful tool to help better lockdown your system. A little background first. When I request a web page in my browser, say www.cnn.com, my system (unbeknown to me) sends out a DNS ( Domain Name System) query to find out what the IP address is. DNS was created to save us humans the pain of typing and remembering IP addresses. For example, instead of typing in “http://64.236.91.23/“, we can type meaningful URLs like www.cnn.com.

The “hosts” file on your system acts as a local DNS. If there is an entry there, your system will use the IP in your HOSTS and will not proceed to query DNS over the Internet. If you open up the hosts file (on my windows XP it’s here - C:\WINDOWS\system32\drivers\etc), you will see this line:

127.0.0.1 localhost

The statement above creates a mapping between the domain and IP address. If you type ‘localhost’ in your browser it will take you to your web server on your PC, if a webserver is running. The first column in this statement is reserved for the IP address and the second column always contains the hostname. If you have computers on your network that are using fixed IP’s, the “hosts” file would be a good place to put memorable names for your different machines. For example, you would add an entry like the one below:

192.168.1.4 ourmac

Now, if you need to connect to your MAC computer in order to Telnet or to access a website running on that machine, you would just say “http://ourmac“, or “telnet ourmac”.

This is all nice and convenient, but how does this secure my system from spy-ware, ad-ware or other malicious places I don’t want my computer going to? The solution is simple; add these domains to your host file and point them to 127.0.0.1, essentially making these requests go no-where. Having these entries in your hosts file is telling your computer, “I want you to go to the IP address I set up for this - don’t go and look them up against the DNS”. You may have some entries in the hosts that look like the following:

127.0.0.1 doubleclick.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.msn.com

These entries will block unwanted ad sites. Here you can download an ad-blocking “hosts” file to replace the hosts file on your own PC. Someone spent the time to compile and share this. You can also use the hosts file to block your kids from going to certain sites that you don’t want them going to. While we know there is no “silver bullet” security solution, this hosts file knowledge can help make your computing experience safer.

One of my favorite topics in security is cryptography, the art of hiding information. Today I’d like to talk about public-key cryptography, which is really quite fascinating and ingenious in it’s design. When a message (plain-text) is encrypted it’s turned into gibberish - also called cipher-text. The process of decrypting using a secret key turns the cipher-text back into readable plain-text. So now you have a message you want to send me. We agree on a specific algorithm and a secret key. When you send me a message you use the algorithm with the secret key and encrypt the message. When I receive the nonsense text I use the algorithm with that agreed-upon secret key to decrypt the message and now I can read it. This method of encryption is called symmetric cryptography. We are happy, right ? Not exactly. Let’s say that I”m in Tahiti and you are in New York. There was a breach, and we now need to encrypt all our communications going forward. What do we do? Do we come up with a key and the send it in the mail? Or maybe we can tell each other our secret key over the phone. Can we email it? No, no and no.

Public key cryptography is also called asymmetric cryptography. With asymmetric cryptography we each have a pair of keys; a public key and a private key. The keys are mathematically related, however, the private key can never be derived from the public key. The private key is never distributed; it is always kept secret. The public key is not private and can be distributed freely , even posted in the New York Times if you like. Either the public key or the private key can be used to encrypt a message but the opposite key would have to decrypt the message. So it is never the same key that is used to decrypt as was used to encrypt the message. Let’s say you want to send me a message. You use the agreed upon algorithm with my public key and turn your message into cipher-text. You then send me the message over insecure channels (it doesn’t matter who sees it b/c it’s in encrypted, no worries). I get the message and decrypt using my private key. I can send you a message the same way using your public key.

Now do keep in mind that the scenario I described above ensures confidentiality, meaning nobody but the person with the private key can read the message. What about authenticity? I do not know for sure that you sent me the message since anyone could get my public key and encrypt a message. That’s where digital signatures come into the picture. By signing my message with a digital signature I’m ensuring that it’s me who sent the message. I am also ensuring that no part of the message has been altered in any way. Here’s how it works. I compose my secret message to you but this time I use a hashing algorithm that hashes my message down to a certain numerical value. I then encrypt this hash using my private key and include it with the message encrypting the entire package using your public key. You get this message and decrypt it using your private key. Included in this package is the message and also the digital signature, which you decrypt using my public key. You then take this value with the message and send it through the hashing algorithm. The hashing algorithm will tell you if the hash value is correct. Assuming it is, you now have integrity. You also have confidentiality, nobody could have read the message. The nice thing here is that asymmetric cryptography allows encryption to be done with the private key and decryption to be done public key. Since anyone can decrypt the message using the public key there is no confidentiality in this scenario. However, you know for certain that it was encrypted by the sender’s private key, which insures that it was sent only by that individual. In a future post we’ll talk about SSL (Secure Socket Layer) that uses the methods of encryption discussed in this post.