Why is cryptography alone insufficient to protect network traffic?

What will be an ideal response?

Cryptography is a great tool, but it can only provide message confidentiality (meaning that anyone who is not authorized cannot read the message).The easiest way to address this question is to look at what attacks are still possible on an encrypted message.For instance, a message can be replayed at a later time to reestablish an old session.A message can be intentionally modified to result in gibberish at the recipient machine. (This is particularly bad if the message contains bits of a key that will then be used for further communication and may not easily be determined to be nonsense.)An attacker can also sit between two hosts (called a man-in-the-middle attack) and intervene in the establishment of a session key and send and receive as both parties, eavesdropping on all the network traffic.A variety of scenarios can be presented based on the topics of the chapter.A good exercise is to have students identify the technique that is needed in addition to cryptography to solve the problem presented.The depth of the solution should be commensurate with the chapter content, only without deep explanations in the field of security.