
Chapter 10

Chapter 10. Security On The Internet. Agenda. Security Cryptography Privacy on Internet Virus & Worm Client-based Security Server-based Security. Security. Security and trust requirements Threats on the Internet Sources of the threats Security policy. Security and Trust Requirements.



  1. Chapter 10 Security On The Internet

  2. Agenda • Security • Cryptography • Privacy on Internet • Virus & Worm • Client-based Security • Server-based Security

  3. Security • Security and trust requirements • Threats on the Internet • Sources of the threats • Security policy

  4. Security and Trust Requirements • Confidentiality • Integrity • Availability • Legitimate use • Non-repudiation

  5. Threats on the Internet • Loss of data integrity • Loss of data privacy • Loss of service • Loss of control

  6. Sources of the Threats • Hackers • Cyber terrorists • Employee error • Missing procedures • Wrongly configured software

  7. Hackers • Monitoring (sniffing) the communication • Private information and passwords • Theft of hardware and software • Smart cards or databases • Intercepting the output of a monitor screen (electromagnetic emanation) • Overloading the service (denial of service) • Trojan horses and viruses • Masquerading (IP address spoofing) • Dumpster diving: discarded paper and media

  8. Hackers • Bribing employees • Information about the internal network or the internal DNS structure • Social engineering • Exploiting employees' habits • Pretending to be an employee • Organization chart • Phone book • Information gathering and social pressure

  9. Hackers • Countermeasures • Firewall • Two-factor authentication (something you know plus something you have) • Audit log files • Digital certificates (user or server) • Message encryption

  10. Cyber Terrorists • Definition • Use of computer resources to intimidate or coerce others • Methods • Virus attacks • Alteration of information • Cutting off communication • Killing from a distance • Spreading misinformation

  11. Cyber Terrorists • Countermeasures • Commission on Critical Infrastructure Protection • Disconnecting mission-critical systems from public networks • Firewall to monitor communication • The Eternity Service concept (replication across many servers plus encryption)

  12. Security Policy • List the resources that need to be protected • Catalogue the threats to every resource • Risk analysis (cost and benefit) • Centralized authorization • Physical access control (policy and procedure) • Logical access control (policy and procedure) • Test, review and update

  13. Agenda • Security • Cryptography • Privacy on Internet • Virus & Worm • Client-based Security • Server-based Security

  14. Cryptography • Secret key • Public key • Steganography • Applications

  15. Secret Key • Symmetric cryptography • A single key for both encryption and decryption • Send the key over a different channel than the message • Fast encryption and decryption • Types • Stream ciphers: encrypt bit by bit (or byte by byte) • Block ciphers: encrypt fixed-length blocks of plaintext

  16. Public Key • Asymmetric cryptography • RSA algorithm: two distinct keys (private and public) for every user • A message encrypted with one key of the pair can be decrypted only with the other: encrypt with the public key for confidentiality, apply the private key for signatures • Much slower than symmetric encryption • In practice RSA encrypts only the symmetric key that encrypted the message (hybrid encryption)

  17. Public Key • Usages • Communication between web server and web browser to establish a session key • E-mail: the message key is encrypted separately with each recipient's public key

  18. Steganography • Hides information in the ordinary noise of digital sound and image files • Free software is often of low quality • Commercial software is of higher quality • Legal requirements on encryption and decryption may also apply
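
Slide 18 describes hiding data in the noise of sound and image files; the simplest form overwrites the least-significant bit of each sample, which changes no sample by more than one unit. The following is an added example, not code from the slides or from any product they mention. The cover is a constructed byte buffer standing in for decoded 8-bit pixel or audio samples; a real tool would apply the same embed and extract steps to the sample data of a decoded image or WAV file.

```python
"""Least-significant-bit steganography over an 8-bit sample buffer.

Added example, not part of the slides. `cover` is a constructed stand-in for
the raw samples of an image or sound file.
"""
import secrets


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Write a 4-byte length prefix plus the payload into the LSB of successive samples."""
    framed = len(payload).to_bytes(4, "big") + payload
    if len(framed) * 8 > len(cover):
        raise ValueError("payload too large for this cover")
    stego = bytearray(cover)
    for index, bit in enumerate(_bits(framed)):
        stego[index] = (stego[index] & 0xFE) | bit
    return stego


def extract(stego: bytes) -> bytes:
    """Read the LSBs back: length prefix first, then that many payload bytes."""
    def read_bytes(start: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = secrets.token_bytes(4096)   # constructed "noise" samples
    stego = embed(cover, b"meet at 09:00")
    print(extract(stego), "max sample change:", max_change(cover, stego))
```

The hidden message survives only lossless storage (a JPEG re-encode destroys the LSBs), and in a smooth image the flattened LSB statistics are easy to detect with a chi-square test, which is why the slide stresses hiding in noisy content.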

  19. Applications • Enforcing privacy • Storing a hash of the password instead of the password itself • Encrypting e-mail • Pretty Good Privacy (PGP): strong when used correctly (no cipher is "unbreakable") • Secure Multipurpose Internet Mail Extensions (S/MIME): easier to set up, at the cost of some security • Keep strong symmetric encryption tools separate from the e-mail software • WinZip password-protected archives: for e-mail read by several people, with the password given over the phone (note that the classic ZIP encryption is weak)
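
Slide 19 lists storing the hash of a password rather than the password. A bare hash is not enough: identical passwords give identical hashes and can be looked up in precomputed tables. The following added example (not code from the slides) shows a salted, iterated PBKDF2-HMAC-SHA256 record next to the naive unsalted hash. The record format and the iteration count are choices made for this example.

```python
"""Storing password hashes, not passwords.

Added example, not part of the slides. The record layout
"pbkdf2_sha256$iterations$salt$hash" and ITERATIONS are assumptions of this
example, chosen so that old records can be re-verified after the cost is raised.
"""
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000   # assumption: tune so one check costs roughly 100 ms on the server


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record; a fresh random salt is drawn per password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hash record")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def naive_hash(password: str) -> str:
    """The weak approach: one unsalted SHA-256. Equal passwords collide in the
    database and the table of common passwords can be precomputed once."""
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("Tr0ub4dor&3", record))                    # False
    print(naive_hash("letmein") == naive_hash("letmein"))            # True: the problem
```

Keep the cost parameter in the record so it can be raised over time, and treat the stored hash as secret anyway: PBKDF2 slows an attacker down but does not make weak passwords strong.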

  20. Applications • Digital signatures • Compute a hash (message digest) of each message • Encrypt the digest with the sender's private key: this is the signature • The recipient decrypts it with the sender's public key and compares it with a freshly computed digest • Digital time stamp: the time and date, signed with the private key of a trusted third party
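
Slides 16 and 20 describe two uses of one key pair: wrapping a symmetric session key with the recipient's public key, and signing a message digest with the sender's private key. The following added example (not code from the slides) carries both through with textbook RSA on small self-generated keys so the arithmetic is visible. Everything here is for illustration: there is no OAEP/PSS padding, the 512-bit modulus is far too small, and the HMAC-SHA256 counter keystream stands in for a real block cipher mode; production code uses a vetted library (for example pyca/cryptography) with 2048-bit or larger keys or a modern scheme such as X25519/Ed25519.

```python
"""Hybrid encryption (slide 16) and hash-then-sign signatures (slide 20).

Added example, not part of the slides. Textbook RSA with toy key sizes and no
padding: it shows the mechanism only, never use it as-is.
"""
import hashlib
import hmac
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; a composite survives all rounds with probability <= 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full size and odd
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(modulus_bits: int = 512):
    """Return (public, private) as (e, n) and (d, n). Toy size: real keys are >= 2048 bits."""
    e = 65537
    while True:
        p, q = random_prime(modulus_bits // 2), random_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric stream cipher: XOR with an HMAC-SHA256 counter-mode keystream.
    The key must be used once only, or two messages share a keystream."""
    out = bytearray()
    for i, offset in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def hybrid_encrypt(public, message: bytes):
    """RSA protects only a fresh 256-bit session key; that key encrypts the message."""
    e, n = public
    session_key = secrets.token_bytes(32)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, keystream_xor(session_key, message)


def hybrid_decrypt(private, wrapped_key: int, ciphertext: bytes) -> bytes:
    d, n = private
    session_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    return keystream_xor(session_key, ciphertext)


def sign(private, message: bytes) -> int:
    """Hash the message, then apply the private key to the digest."""
    d, n = private
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Apply the public key and compare with a freshly computed digest."""
    e, n = public
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


if __name__ == "__main__":
    pub, priv = generate_keypair()
    msg = b"Pay 100 EUR to account 42"
    wrapped, ct = hybrid_encrypt(pub, msg)
    print(hybrid_decrypt(priv, wrapped, ct) == msg)               # True
    sig = sign(priv, msg)
    print(verify(pub, msg, sig), verify(pub, msg + b"0", sig))    # True False
```

Note what the two operations share: the same modular exponentiation, used with the public exponent to wrap a key anyone may encrypt, and with the private exponent to produce a signature only the key holder can make. The ciphertext here carries no integrity check; a real design adds an authenticated encryption mode or a MAC, and pads the RSA input, since unpadded RSA is malleable.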

  21. Agenda • Security • Cryptography • Privacy on Internet • Virus & Worm • Client-based Security • Server-based Security

  22. Privacy on Internet • Footprints on the Net • TRUSTe • The platform for privacy preferences • Anonymity

  23. Footprints on the Net • Every request for a web page can reveal • The name and version of the browser • The operating system • The preferred language • The last visited web site (the Referer header) • IP address and domain name • The approximate client location • The screen resolution and number of colours (via client-side scripting)

  24. Footprints on the Net • Cookies may store • A password or session token for a site • A user name • An e-mail address • Purchasing information
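
Slides 23 and 24 list what a server learns from a single request. The following added example (not code from the slides) parses a constructed raw HTTP/1.1 request and pulls those fields out, the way a server log or analytics hook would. The request bytes, host names, addresses and cookie values are invented for the demonstration. Screen resolution and colour depth are not in the request at all; they reach the server only if client-side script reports them.

```python
"""What a web server learns from one request (slides 23 and 24).

Added example, not part of the slides. SAMPLE_REQUEST is a constructed request
with invented values.
"""
from http.cookies import SimpleCookie
from typing import Dict, Tuple

SAMPLE_REQUEST = (
    b"GET /catalog?item=42 HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0\r\n"
    b"Accept-Language: de-CH,de;q=0.8,en;q=0.5\r\n"
    b"Referer: https://search.example/?q=cheap+gadgets\r\n"
    b"Cookie: session=abc123; user=alice; last_order=ORD-7781\r\n"
    b"X-Forwarded-For: 203.0.113.7\r\n"
    b"\r\n"
)


def parse_request(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split the request line from the headers; header names are case-insensitive."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    request_line, headers = lines[0], {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def footprint(raw: bytes, peer_ip: str) -> dict:
    """Collect the fields a server can record about the visitor.

    `peer_ip` is the address of the TCP connection; X-Forwarded-For is a header
    the client (or a proxy) may set freely, so both are kept and labelled.
    """
    request_line, headers = parse_request(raw)
    ua = headers.get("user-agent", "")
    cookies = SimpleCookie()
    cookies.load(headers.get("cookie", ""))
    return {
        "request": request_line,
        "browser": ua.rsplit(" ", 1)[-1] if ua else "",
        "platform": ua[ua.find("(") + 1:ua.find(")")] if "(" in ua else "",
        "language": headers.get("accept-language", "").split(",")[0],
        "referer": headers.get("referer", ""),
        "peer_ip": peer_ip,
        "claimed_ip": headers.get("x-forwarded-for", ""),
        "cookies": {name: morsel.value for name, morsel in cookies.items()},
    }


if __name__ == "__main__":
    for field, value in footprint(SAMPLE_REQUEST, "198.51.100.9").items():
        print(f"{field:11} {value}")
```

The Referer line is the one most users do not expect: it hands the previous site's URL, including any search terms in its query string, to the site being visited next.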

  25. TRUSTe • An independent, non-profit privacy organization that issues an online seal called a "trustmark" • Certifies that an online business is trustworthy and safe, and lets a third party check its privacy practices • End users find the privacy information hard to understand

  26. The Platform for Privacy Preferences • Platform for Privacy Preferences Project (P3P) by the W3C • Defines a machine-readable way for a web site to declare its privacy practices so that the browser can check them before the first page is loaded (P3P has since been retired by the W3C)

  27. Anonymity • Anonymous remailers replace the headers of the original e-mail with the remailer's own • Anonymizing proxies (e.g. Anonymizer)

  28. Agenda • Security • Cryptography • Privacy on Internet • Virus & Worm • Client-based Security • Server-based Security

  29. Virus • Types of viruses • Virus damage • Virus strategy

  30. Types of viruses • Boot sector viruses • Executable (file-infecting) viruses • Macro viruses • Hoax viruses and chain letters (not real viruses, but they spread by the same route)

  31. Virus Damage • Annoying • Harmless • Harmful • Destructive

  32. Virus Strategy • Firewall • Anti-virus program • Scanner • Shield (on-access monitor) • Cleaner • Backup strategy • Employee education with a frequently asked questions (FAQ) page

  33. Agenda • Security • Cryptography • Privacy on Internet • Virus & Worm • Client-based Security • Server-based Security

  34. Client-based Security • Digital certificates • Smart card • Biometric identification

  35. Digital Certificates • A file that binds the holder's identity (name, address) to a public key and is signed by a certification authority, which adds its own name and a validity period; the matching private key is stored encrypted and password-protected • Types • Browser and server: SSL (now TLS) encryption • Customer and merchant: SET (Secure Electronic Transaction, no longer in use) encryption • Two e-mail partners: S/MIME

  36. Smart Cards • Use electrically erasable programmable read-only memory (EEPROM) • Types • Contact cards • Contactless cards • Combi cards • Information access • Read only • Add only • Modify or delete • Execute only

  37. Biometric Identification • Physical characteristics or behavioral traits • Issues • Acceptance • Accuracy • Cost • Privacy

  38. Agenda • Security • Cryptography • Privacy on Internet • Virus & Worm • Client-based Security • Server-based Security

  39. Server-based Security • Isolation of the web server • Application proxies • Multi-layered firewall • A trusted operating system (TOS) • Backup • Least privilege • Balance of power (separation of duties) • A good audit system

  40. Trusted Operating Systems • Types • VirtualVault by Hewlett-Packard • Trusted Solaris by Sun • Features • Firewall • Intranet • Internet • Distributed system: data and programs • Least privilege • Peak usage management • Multi-level security • Audit system

  41. Audit System • Adaptable • Automated • Configurable • Dynamic • Flexible • Manageable • System-wide

  42. Points to Remember • Security • Cryptography • Privacy on Internet • Virus & Worm • Client-based Security • Server-based Security
