Internet Security Terms and Techniques
Chris Avram, Faculty of Information Technology, Monash University
U-Cubed ‘99


Security is
• Confidentiality – only those authorised have access to data
• Authentication – the identity claimed can be verified
• Availability – access is available as and when required
• Integrity – information is modified only as it should be

Security is needed for
• Legal and ethical need
  – OECD privacy guidelines
  – Australian privacy act and commission
  – OECD guidelines for security of information
• Technical need
  – electronic commerce
  – public networks
  – packet switched networks

Internet strategy
• Local area network
• Wide area network
• Internet - global network
  – customer/client access
  – inter-organisation systems
• Intranet
  – Internet technology for WAN
  – Virtual Private Network

The networked organisation
[Diagram labels: LAN, Internet, customers, LAN, SOHO, Another organisation. Legend: Secure line, Insecure.]

Current security measures
• Passwords to identify users/clients
  – access restricted to logged on users
  – Netware, NT encrypt passwords
  – eavesdropping on other passwords possible
• Physical access controls
  – guarantees server identity
  – reduces electronic eavesdropping

Threats
• Impersonation
  – of clients
  – of servers
• Passive electronic eavesdropping
• Modification of information in transit
• Traffic analysis
• Denial of service

Solutions
• Public key crypto-systems
  – allow electronic signature and verification
  – allow confidential exchange of information
• Certificates
  – signed by a certificate authority (CA)
  – proof of identity
    » containing a public key
• SSL (for WWW), S/MIME (for e-mail)

Public key crypto-systems
[Diagram labels: Send message, Receive message, Secret key, Public key, Public key directory, Make Keys, Eavesdropper.]

Public key signature-systems
[Diagram labels: Sign message, Check signature, Secret key, Public key, Public key directory, Make Keys, Fraudster, clear.]

Certificates
[Diagram labels: Certificate Authority, Client, Server, Signed server certificate, Signed server certificate, CA public key, Source, Certificate request, Past, Present.]

Secure links
[Diagram labels: Client, Server, Info. Request, Certificate, eg. Visa number, time, eg. fee for service info.]

Certificate authorities - Public
• Public CAs
  – Australia Post (product sales on hold)
  – VeriSign
  – UPS and others
• Customers will get browsers with CA certificates included
• $US350-1,300 per server per annum

Certificate authorities - Private
• CA Software from
    » Netscape
    » X509.com
    » Microsoft
• Organisation
  – chooses level of proof of identity
  – makes CA certificates available, manages revocation list
• No ongoing fees
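
The certificate flow on the slides above (a CA signs an identity together with a public key, the client checks it with the CA public key and the revocation list), as an added example that is not part of the original slides. It uses textbook RSA over fixed Mersenne primes purely for illustration; the host name, serial number and all keys are constructed.

```python
# Added illustration: textbook RSA over fixed Mersenne primes. Toy parameters
# and no padding, so this is for studying the flow only, never for real use.
import hashlib
import json

def make_keys(p, q, e=65537):
    """Return (public key, secret key) as (n, e) and (n, d)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(secret, data):
    n, d = secret
    return pow(_digest(data, n), d, n)

def check(public, data, sig):
    n, e = public
    return pow(sig, e, n) == _digest(data, n)

def _encode(body):
    return json.dumps(body, sort_keys=True).encode()

def issue(ca_secret, serial, subject, subject_public):
    """CA side: bind an identity to a public key by signing both."""
    body = {"serial": serial, "subject": subject, "public_key": list(subject_public)}
    return {"body": body, "sig": sign(ca_secret, _encode(body))}

def validate(cert, ca_public, revoked, expected_subject):
    """Client side: needs only the CA public key and the revocation list."""
    if not check(ca_public, _encode(cert["body"]), cert["sig"]):
        return "bad signature"
    if cert["body"]["serial"] in revoked:
        return "revoked"
    if cert["body"]["subject"] != expected_subject:
        return "wrong subject"
    return "ok"

# Constructed sample data (hypothetical names and serial numbers).
CA_PUB, CA_SEC = make_keys(2**61 - 1, 2**89 - 1)
SRV_PUB, SRV_SEC = make_keys(2**107 - 1, 2**127 - 1)
CERT = issue(CA_SEC, 1, "www.example.org", SRV_PUB)
# Same CA signature, but the key swapped for one the CA never signed.
FORGED = {"body": dict(CERT["body"], public_key=[2**127 - 1, 65537]), "sig": CERT["sig"]}

if __name__ == "__main__":
    print(validate(CERT, CA_PUB, set(), "www.example.org"))
    print(validate(FORGED, CA_PUB, set(), "www.example.org"))
    print(validate(CERT, CA_PUB, {1}, "www.example.org"))
```

A valid certificate only shows which key belongs to the server; the server still has to prove it holds the matching secret key, for example by signing a fresh value that the client checks against the key in the certificate.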

Recommendation
• If an organisation plans to use the Internet for more than the distribution of public information
  – eg. selling, collecting $ or personals, customer confidential communications
• Then it should consider running a private certificate authority:
  – 1. Create a secure version of your WWW server
  – 2. Install CA software
  – 3. Begin testing with selected mobile staff

Reference
• VeriSign
• CA demo
• Secure WWW servers
  – Microsoft
  – Netscape http://home.netscape.com/
  – Apache
• SSL capable WWW client: Netscape 2.02 or later, Microsoft Internet Explorer 3.0 or later
• This file is