Presentation Transcript
slide1

In the name of God, the Most Gracious, the Most Merciful

Islamic University of Gaza Electrical & Computer Engineering Department

Web Security

Prepared By:

Eman Khaled El-mashharawi

Miriam Mofeed El-Mukhallalati

Supervisor:

Dr. Basil Hamad

slide2

Contents:

What is security?

Host threats and countermeasures.

Network threats and countermeasures.

Application threats and countermeasures.

Conclusion.

References.

slide3

Have you ever believed that:

All your personal information is available to a hacker!!!

There is a hacker who follows all your electronic steps!!

OH.. This means that..

your NETWORK SECURITY has been broken !!!

slide4

Imagine that you have received an e-mail..

And while opening..

This message appears!!!

OH Nooo!!

your HOST SECURITY has been broken !!!

slide5

What is this?!!

Who stole my password?!

Who got into my e-mail??

Have you ever logged into your e-mail and found that your password had been changed??

Or have you ever found that your password has been published to all your friends?

OOOH..

your APPLICATION SECURITY has been broken!!!!

slide6

What is security?

The protection of information assets through the use of technology, processes, and training.

Security

Network Security

Application Security

Host Security

slide7

Diagram: Security divided into Host Threats (example: virus), Application Threats (example: authentication) and Network Threats (example: sniffing).

slide8

Diagram: Host Threats, Network Threats, Application Threats.

slide9

Host Threats

Viruses, Trojan horses, and worms.

Footprinting.

Password cracking.

slide10

Viruses, Trojan horses, and worms:

A virus is a program that causes disruption to the operating system or applications.

A Trojan horse is malicious code that is contained inside what appears to be a harmless data file or executable program.

A worm self-replicates from one server to another.

slide11

Cont…

Countermeasures against viruses, Trojan horses, and worms:

Stay current with the latest operating system service packs and software patches.

Block all unnecessary ports at the firewall and host.

Disable unused functionality, including protocols and services.

slide12

Footprinting

Examples of footprinting are port scans and ping sweeps.

The information an attacker is after includes: account details, operating system, other software versions, server names, and database schema details.

Countermeasures to prevent footprinting include:

Disable unnecessary protocols.

Lock down ports with the appropriate firewall configuration.

slide13

Password Cracking

If you use default account names, you are giving the attacker a head start.

If you use blank or weak passwords you make the attacker's job even easier.

Countermeasures to prevent password cracking include:

Use strong passwords for all account types.

Apply lockout policies to end-user accounts.
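The two countermeasures above, worked into code as an added example (not from the original slides): a per-account lockout that trips after a number of consecutive failures and expires on its own, plus a password-strength check. The threshold, lockout length and strength rule are assumed policy values.

```python
import time
from dataclasses import dataclass


@dataclass
class AccountState:
    failures: int = 0        # consecutive failed attempts
    locked_until: float = 0  # epoch seconds; 0 means not locked


class LockoutPolicy:
    """Tracks failed logins per account and enforces a temporary lockout.
    Threshold and lockout length are assumed policy values for this example."""

    def __init__(self, max_failures=5, lockout_seconds=15 * 60):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.accounts = {}

    def attempt(self, user, password_ok, now=None):
        """Record one login attempt; returns 'ok', 'failed' or 'locked'."""
        now = time.time() if now is None else now
        st = self.accounts.setdefault(user, AccountState())
        if st.locked_until > now:
            return "locked"  # rejected before the password is even checked
        if password_ok:
            st.failures = 0  # a successful login clears the counter
            return "ok"
        st.failures += 1
        if st.failures >= self.max_failures:
            # The lockout is time-limited, so repeated guesses against one
            # user name slow the account down but cannot lock it permanently.
            st.failures = 0
            st.locked_until = now + self.lockout_seconds
            return "locked"
        return "failed"


def is_strong_password(pw, min_length=12):
    """Minimum length plus at least three of four character classes (assumed rule)."""
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    return len(pw) >= min_length and sum(classes) >= 3
```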

slide14

Network Threats:

Information gathering

Sniffing

Spoofing

Denial of service

slide15

Information Gathering

Attackers usually start with port scanning.

They then detect device types and determine operating system and application versions.

Countermeasures to prevent information gathering:

Configure routers to restrict their responses to footprinting requests.

Configure operating systems that host network software.

slide16

Sniffing

Attackers can read all plaintext passwords or configuration information.

They can also crack packets encrypted by lightweight hashing algorithms.

Countermeasures to prevent sniffing:

Use strong physical security and proper segmenting of the network.

Encrypt communication fully, including authentication credentials.

slide17

Spoofing

Attackers use a fake source address that does not represent the actual address of the packet.

This hides the original source of the attack.

Countermeasures to prevent spoofing:

Filter incoming packets.

Filter outgoing packets.
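Both filters as an added example (not from the original slides): ingress filtering drops packets arriving from the Internet that claim an internal or private source address, and egress filtering drops packets leaving the site that do not carry one of the site's own addresses. The internal prefix and the sample traffic are constructed for the example.

```python
import ipaddress

# Constructed site layout for this example: the network behind the border
# router uses this prefix (a documentation range, not a real deployment).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Source addresses that can never legitimately arrive from the Internet:
# our own prefix plus private, loopback and "this network" ranges.
NEVER_FROM_OUTSIDE = [INTERNAL_NET] + [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8")]


def filter_packet(direction, src):
    """Verdict ('accept' or 'drop') for one packet at the border router.
    direction is 'in' (from the Internet) or 'out' (toward the Internet)."""
    src_ip = ipaddress.ip_address(src)
    if direction == "in":
        # Ingress filter: a packet from outside that claims an internal or
        # private source address is spoofed.
        return "drop" if any(src_ip in net for net in NEVER_FROM_OUTSIDE) else "accept"
    if direction == "out":
        # Egress filter: packets leaving the site must carry one of our own
        # addresses; anything else is spoofed traffic originating inside.
        return "accept" if src_ip in INTERNAL_NET else "drop"
    raise ValueError("direction must be 'in' or 'out'")


# Constructed sample traffic: (direction, source address).
SAMPLE_PACKETS = [
    ("in", "198.51.100.7"),   # ordinary Internet host: accept
    ("in", "192.0.2.10"),     # outside packet claiming our own address: drop
    ("in", "10.1.2.3"),       # private address from the Internet: drop
    ("out", "192.0.2.10"),    # our host talking outward: accept
    ("out", "203.0.113.5"),   # inside host forging a foreign source: drop
]


def apply_filter(packets=SAMPLE_PACKETS):
    """Return the verdict for each packet, in order."""
    return [filter_packet(d, s) for d, s in packets]


if __name__ == "__main__":
    for (direction, src), verdict in zip(SAMPLE_PACKETS, apply_filter()):
        print(f"{direction:3} {src:15} -> {verdict}")
```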

slide18

Denial of service:

A denial-of-service attack denies legitimate users access to a server or services.

The attacker sends more requests to a server than it can handle.

Countermeasures to prevent denial of service:

Apply the latest service packs.

Use a network Intrusion Detection System (IDS).

slide19

Application Threats

Authentication

Network eavesdropping

Cookie replay attacks

slide20

Authentication

Network Eavesdropping

Capture traffic and obtain user names and passwords.

Countermeasures to prevent network eavesdropping include:

Use authentication mechanisms that do not transmit the password over the network, such as Windows authentication.

Make sure passwords are encrypted.

Use an encrypted communication channel.

slide21

Cont…

Cookie Replay Attacks

Attackers capture the user's authentication cookie to gain access under a false identity.

Countermeasures to prevent cookie replay include:

Use an encrypted communication channel whenever an authentication cookie is transmitted.

Set the cookie timeout to a value that forces re-authentication after a relatively short time interval.
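The two cookie replay countermeasures above, worked into code as an added example (not from the original slides): the server issues an authentication cookie with a short expiry bound into an HMAC, marks it Secure so the browser only sends it over an encrypted channel, and rejects any cookie that is expired or whose expiry was edited. The key, the timeout and the cookie layout are constructed for the example.

```python
import hashlib
import hmac
import time

# Constructed server-side key for this example; a real deployment generates
# its own and keeps it out of source code.
SECRET_KEY = b"example-only-server-key"
COOKIE_TTL = 15 * 60  # short timeout: a captured cookie stays usable only briefly


def issue_auth_cookie(user, now=None):
    """Build 'user|expiry|mac' where mac = HMAC-SHA256 over user and expiry,
    so the client cannot push the expiry forward without breaking the MAC."""
    now = int(time.time() if now is None else now)
    expiry = now + COOKIE_TTL
    payload = f"{user}|{expiry}".encode()
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "|" + mac


def set_cookie_header(value):
    """Secure restricts the cookie to HTTPS (the encrypted channel the slide
    calls for); HttpOnly keeps page scripts from reading it."""
    return f"Set-Cookie: auth={value}; Secure; HttpOnly; SameSite=Lax"


def validate_auth_cookie(value, now=None):
    """Return the user name if the cookie is intact and unexpired, else None."""
    now = int(time.time() if now is None else now)
    try:
        user, expiry, mac = value.split("|")
        expiry = int(expiry)
    except ValueError:
        return None  # malformed cookie
    expected = hmac.new(SECRET_KEY, f"{user}|{expiry}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None  # tampered: MAC no longer matches user and expiry
    if now >= expiry:
        return None  # replayed after the timeout: the user must log in again
    return user
```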

slide22

Conclusion

The remedy for all corporate security issues cannot be described in just one paper.

This research is meant to be a starting point to a better understanding of the three types of web security and their threats.

By thinking like attackers and being aware of their likely tactics, you can be more effective when applying threat countermeasures.

You must know what the enemy knows.

slide23

References

Sima, C. Are Your Web Applications Vulnerable? Atlanta, GA: SPI Dynamics, 2005.

http://www.webscurity.com/pe_benefits.htm [accessed July 7, 2006]

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan. 2006. Improving Web Application Security: Threats and Countermeasures. U.S.A: Microsoft Corporation. Retrieved June 5, 2006 from:

http://www.msdn.microsoft.com/library

slide24

Cont…

SafeNet. 2005. WB_Best Practices in Creating High Level Application Security. Belcamp, Maryland 21017, USA. Retrieved July 12, 2006 from:

http://www.safenet-inc.com

Microsoft’s patterns & practices team. 2005. Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0. Retrieved July 7, 2006 from:

http://www.msdn.microsoft.com/practices