Security in a network can come in many different ways. There are basic needs that most networks provide, like Access control, and passwords. Some organizations need better protection of their data, and need more sophisticated means, like the ability to encrypt messages, so that only the receiver will be able to read them (It's quite easy to read messages sent over a normal network).
What we may want in our local network :
Many operation systems use a password mechanism to control access to the computer. Each user has a login and a password, and whenever he wished to enter the computer, he needs to enter his password. When accessing computer from a terminal (through the network), it's not a good idea to transfer the password as-is, because it is possible to wiretap the network. We might need to encrypt the password, or find a way to use it safely.
When the information is extremely sensitive, we might simply not allow to access it through the network. It is always easier to break through network security than to break into an isolated computer!
Sometimes we need to protect a certain file, so that it won't be available to all. Some operation system provide such protection (Like in unix, a user can decide who can view this file, and who can't, and who can Write to it, or execute it), and one could always use a program to encrypt the File.
When encrypting the file, we save a scrambled version of it, and then only the ones that are allowed to read the file can decrypt it (un-scramble). The simplest use of encryption needs a key. The encryption program produces a new file, given the original file, and the key. It looks like that:
Encrypted File = Encrypt (Original File, Key).
When we want to open the Encrypted file, we need the Key again :
When we need to send a mail message (or a file through the network, for that matter) we need to be sure that only the intended receiver will be able to read it. Because most network won't guarantee that fact, The messages are usually encrypted.
But the Encryption scheme described before, is not suitable now. We need to use a key, but we cannot transmit the key to the receiver, because the transmission isn't safe... So we need to know in advance the key that is used, in order to deccrypt the message!
A better method, is Public Key Encryption. It works like that:
Every one has a public key, that is known by all. When we want to send someone an encrypted message, we use his public key.
In addition to the public key, everyone also have a Private key, known to himself only. The encrypted message (using the public key) can only be decrypted using the private key! so we could send someone a message, be sure of its safety, without needing to agree upon a key.
It works like that :
Encrypted Message = Encrypt ( Original Message, Receiver Public Key)
When the receiver gets the message, he opens it, using his Private key :
Another problem with networks, is that we are never sure who sent us a message. It's very easy to write a message pretending to be someone else.
A technique called a Digital Signature was developed for that. The sender 'signs' his message, using a key that only he knows. The receiver can then decrypt the signature, just like a regular encrypted message. Again, we usually use a private/public key combination :
A signature can only be signed using a private key, and can be decrypted using a public key. In that way, the receiver can be sure as to who sent the message.
To ensure authentication and privacy, we can use a digital signature and then encrypt the message. The receiver will need to both decrypt the message using the public key of the sender, and then to authenticate, he'll use his own private key.