Chapter 10 Security On The Internet. Agenda Security Cryptography Privacy on Internet Virus & Worm Client-based Security Server-based Security.

Chapter 10 Security On The Internet

Agenda Security Cryptography Privacy on Internet Virus & Worm Client-based Security Server-based Security

Security
Security and trust requirements
Threats on the Internet
Sources of the threats
Security policy

Security and Trust Requirements
Confidentiality
Integrity
Availability
Legitimate use
Non-repudiation

Threats on the Internet
Loss of data integrity
Loss of data privacy
Loss of service
Loss of control

Sources of the Threats
Hackers
Cyber terrorists
Employee error
Missing procedures
Wrongly configured software

Hackers
Monitoring the communication
– Private information & passwords
Stealing hardware & software
– Smart cards or databases
Intercepting the output of a monitor screen
Overloading the service
Trojan horses and viruses
Masquerading (IP address spoofing)
Dustbin (searching discarded material)

Hackers
Bribing an employee for information about the internal network or internal DNS structure
Social engineering
– Exploiting habits of employees
– Pretending to be an employee
– Organization chart
– Phone book
– Information gathering and social pressure

Hackers
Countermeasures
– Firewall
– Two-factor authentication (something you know and something you have)
– Audit log file
– Digital certificate (user or server)
– Message encryption

Cyber Terrorists
Definition
– Use of computer resources to intimidate others
Methods
– Virus attacks
– Alteration of information
– Cutting off communication
– Killing from a distance
– Spreading misinformation

Cyber Terrorists
Countermeasures
– Commission on Critical Infrastructure Protection
– Disconnect mission-critical systems from the public network
– Firewall to monitor communication
– The eternity service concept (duplication and encryption)

Security Policy
List of resources that need to be protected
Catalogue of the threats to every resource
A risk analysis (cost and benefit)
Centralized authorization
– Physical access control (policy & procedure)
– Logical access control (policy & procedure)
Test, review and update

Agenda Security Cryptography Privacy on Internet Virus & Worm Client-based Security Server-based Security

Cryptography
Secret key
Public key
Steganography
Applications

Secret Key
Symmetric cryptography
A single key for both encryption and decryption
Use a different medium for the key than for the message
Fast encryption and decryption
Types
– Stream ciphers: operate at the bit level
– Block ciphers: process the data in blocks of a pre-defined length

Public Key
Asymmetric key cryptography
RSA algorithm: two distinct keys (private and public) for every user
The public key decrypts messages encrypted with the private key
Slow to encrypt and decrypt a message
RSA is used to encrypt the symmetric key that encrypted the message (hybrid encryption)

Public Key
Usages
– Communication between web server and web browser to create a session key
– E-mail: uses a different public key for each recipient

Steganography
Hide information in the ordinary noise of digital sound and image files
Low quality of free software
Higher quality of commercial software
Legal requirements for encryption and decryption

Applications
Enforcing privacy
– Storing the hash value of a password instead of the password itself
Encrypting
– Pretty Good Privacy (PGP): unbreakable
– Secure Multipurpose Internet Mail Extensions (S/MIME): easy to set up, but less secure
– Separate the use of strong symmetric encryption algorithms from the software
– WinZip: for files read by multiple persons, with the password given over the phone
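The first point, storing only a salted hash of each password rather than the password itself, worked through as an added example in Python (standard library only, not code from the slides); the record layout and the iteration count are assumptions made for this example:

```python
import hashlib
import hmac
import secrets
from typing import Optional

# PBKDF2 work factor: an illustrative value assumed for this example;
# production deployments tune a higher count to their hardware.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return the record to store; the password itself is never written anywhere.

    Record layout (constructed for this example): algorithm$iterations$salt$hash,
    with salt and hash hex-encoded. A fresh random salt per user means two users
    with the same password still get different records.
    """
    salt = salt if salt is not None else secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash with the stored salt and iteration count and compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = record.split("$")
    except ValueError:
        return False  # malformed record
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("Tr0ub4dor&3", record))
```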

Applications
Digital signatures
– A digital hash or digital code for each message
– Encrypt the digital code with the private key
– Decrypt the digital code with the public key
– Digital time stamp (time and date) encrypted with the private key of a third party
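The signature steps on this slide and the hybrid use of RSA from the Public Key slide, carried out end to end; this is an added example, not code from the slides, using a deliberately tiny textbook RSA key built from two constructed Mersenne primes (not secure) and a truncated SHA-256 digest as the "digital code":

```python
import hashlib
import secrets

# Toy RSA parameters, constructed for this demonstration only: two Mersenne
# primes give a ~92-bit modulus, far too small to be secure in practice.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                     # public exponent
D = pow(E, -1, PHI)           # private exponent, E*D == 1 (mod PHI)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)
PAYLOAD_BYTES = 11            # 88-bit values are always smaller than N

def digest(message: bytes, timestamp: str) -> int:
    """The 'digital code': a hash over the date/time stamp and the message."""
    h = hashlib.sha256(timestamp.encode() + b"\n" + message).digest()
    return int.from_bytes(h[:PAYLOAD_BYTES], "big")

def sign(message: bytes, timestamp: str, private_key) -> int:
    """Encrypt the digest with the private key: this is the digital signature."""
    n, d = private_key
    return pow(digest(message, timestamp), d, n)

def verify(message: bytes, timestamp: str, signature: int, public_key) -> bool:
    """Decrypt the signature with the public key and compare to a fresh digest."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, timestamp)

def wrap_session_key(session_key: bytes, public_key) -> int:
    """Hybrid scheme: RSA-encrypt the symmetric key that encrypted the message."""
    n, e = public_key
    k = int.from_bytes(session_key, "big")
    if k >= n:
        raise ValueError("session key must be smaller than the modulus")
    return pow(k, e, n)

def unwrap_session_key(wrapped: int, private_key) -> bytes:
    """The recipient recovers the symmetric key with the private key."""
    n, d = private_key
    return pow(wrapped, d, n).to_bytes(PAYLOAD_BYTES, "big")

if __name__ == "__main__":
    msg, when = b"Pay 100 EUR to account 42", "2025-01-01T12:00:00Z"
    sig = sign(msg, when, PRIVATE_KEY)
    print("signature valid:", verify(msg, when, sig, PUBLIC_KEY))
    key = secrets.token_bytes(PAYLOAD_BYTES)
    print("key recovered:", unwrap_session_key(wrap_session_key(key, PUBLIC_KEY), PRIVATE_KEY) == key)
```

Changing either the message or the time stamp after signing makes verification fail, which is the integrity and non-repudiation property the slide describes.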

Agenda Security Cryptography Privacy on Internet Virus & Worm Client-based Security Server-based Security

Privacy on Internet
Footprints on the Net
TRUSTe
The Platform for Privacy Preferences
Anonymity

Footprints on the Net
Information revealed when requesting a web site
– The name of the browser
– The operating system
– Preferred language
– The last visited web site
– IP address and domain name
– The client location
– The screen resolution and number of colors

Footprints on the Net
Cookies can hold
– The password to open a site
– A user name
– An address
– Purchasing information

TRUSTe
An independent, non-profit privacy organization that issues an online seal called a "trustmark"
Certifies that an online business is trustworthy and safe, and allows its privacy practices to be checked by a third party
The privacy information is hard for end users to understand

The Platform for Privacy Preferences
Platform for Privacy Preferences Project (P3P) by W3C
Defines a way for a web site to inform users of its privacy practices before the first page is delivered

Anonymity
Anonymous remailers replace the header of the original e-mail with the remailer's
Anonymizer

Agenda Security Cryptography Privacy on Internet Virus & Worm Client-based Security Server-based Security

Virus
Types of viruses
Virus damage
Virus strategy

Types of viruses
Boot sector virus
Executable virus
Macro virus
Hoax viruses and chain letters

Virus Damage
Annoying
Harmless
Harmful
Destructive

Virus Strategy
Firewall
Anti-virus program
– Scanner
– Shield
– Cleaner
Backup strategy
Education of employees with a frequently asked questions (FAQ) page

Agenda Security Cryptography Privacy on Internet Virus & Worm Client-based Security Server-based Security

Client-based Security
Digital certificates
Smart card
Biometric identification

Digital Certificates
A file holding personal information (name and address), encrypted with the public key and password-protected, plus the certification authority's details (name and validity period)
Types
– Browser and server: SSL encryption
– Customer and merchant: SET encryption
– Two partners: S/MIME

Smart Cards
Use electrically erasable programmable read-only memory (EEPROM)
Types
– Contact cards
– Contactless cards
– Combi cards
Information access
– Read only
– Add only
– Modify or delete
– Execution only

Biometric Identification
Physical characteristics or behavioral traits
Issues
– Acceptance
– Accuracy
– Cost
– Privacy

Agenda Security Cryptography Privacy on Internet Virus & Worm Client-based Security Server-based Security

Server-based Security
Isolation of the web server
Application proxies
Multi-layered firewall
A trusted operating system (TOS)
Backup
Least privilege
Balance of power
A good audit system

Trusted Operating Systems
Types
– Virtual Vault by Hewlett-Packard
– Trusted Solaris by Sun
Features
– Firewall
– Intranet
– Internet
– Distributed system: data and program
– Least privilege
– Peak usage management
– Multi-level security
– Audit system

Audit System
Adaptable
Automated
Configurable
Dynamic
Flexible
Manageable
System-wide

Points to Remember
Security
Cryptography
Privacy on Internet
Virus & Worm
Client-based Security
Server-based Security