COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.


Introduction to Internet Security. It is a challenge to assure security in information systems: networked, embedded, and plain computation systems. There are a variety of security policies in the world; they come in many flavors (for example, authentication before access, integrity of information, and confidentiality of information).

Web connections: the browser, the server, and the connection between the two. The user, via his browser, connects to a remote Web server and requests a document. The server returns the document, and the browser displays it.

From the user’s point of view:
- The remote server is owned and operated by the organization that it seems to be owned by.
- The documents that the server returns are free from dangerous viruses and malicious intent.
- The remote server will not record or distribute information that the user considers private, such as his Internet browsing habits.

From the Webmaster’s point of view:
- The user will not attempt to break into the Web server computer system or alter the contents of the Web site.
- The user will not try to gain access to documents that she is not privy to.
- The user will not try to crash the server, making it unavailable for others to use.
- If the user has identified herself, she is who she claims to be.

From both parties’ views:
- The network connection is free from third-party eavesdroppers listening in on the communications line.
- The information sent between browser and server is delivered intact, free from tampering by third parties.

Document Confidentiality. To protect private information from being disclosed to third parties. Cryptography enables confidential information to be transmitted from location to location across insecure networks.

Cryptographic Systems
1. Plaintext - human-readable or in a format that anyone with the proper software can use.
2. Ciphertext - human-unreadable, encrypted message.
3. Cryptographic algorithm - mathematical operation used to convert plaintext into ciphertext.
4. Key - used to encrypt and/or decrypt the message; only people who know the correct key can decrypt a piece of ciphertext.
[Diagram labels: Algorithm, Plaintext, Ciphertext]

CLIENT-SIDE SECURITY
- These are security measures that protect the user’s privacy and the integrity of her computer.
- Technological solutions include safeguards to protect users against computer viruses and other malicious software, as well as measures that limit the amount of personal information that browsers can transmit without the user’s consent.
- Organizations can prevent employees’ Web browsing activities from compromising the secrecy of the company’s confidential information or the integrity of its local area network.

SSL. Secure Sockets Layer (SSL), a flexible and general-purpose encryption system, dramatically reduces the risk by encrypting the browser-server data stream and reliably identifying the party at the other end of the network link.

How SSL protects an online transaction

SERVER-SIDE SECURITY
- Purpose: to protect the Web server and the machine it runs on from break-ins, site vandalism, and denial-of-service attacks.
- Denial-of-service attacks: attacks that make the Web site unavailable for normal use.
- Technological solutions: firewall systems, operating system security measures.

Windows NT Web Servers
Windows NT Server:
- coordinates the activities of other machines
- provides remote access services
- runs Windows name resolution
- hosts the Internet Information Server
Windows NT Workstation:
- most of the server functions are disabled
- Microsoft Internet Information Server can’t run on NT Workstation

Steps for securing a Windows NT Web server
1. Apply all service patches.
2. Fix the file system permissions.
3. Fix the registry access permissions.
4. Remove or disable all extraneous network services.
5. Add the minimum number of user accounts necessary to maintain the server.
6. Install the server software and adjust file and directory permissions to restrict unnecessary access.
7. Remove or disable unnecessary Web server features, CGI scripts, and extensions.
8. Monitor system and server log files.

UNIX Web Servers. UNIX is a multi-user system: a single machine supports several or hundreds of users. Each has a unique home directory and environment. Each is protected against interference from the others by a system of access permissions. Files, programs, devices, and other system resources are all protected by access control.

UNIX Web Servers. User and group access rights are the basis for UNIX system security. Every program, including those that provide Internet services, runs with the permissions of some user or another.

Steps for setting up a secure UNIX Web server
1. Apply vendor operating system patches.
2. Turn off unessential services.
3. Add the minimum number of user accounts.
4. Get the file and directory permissions right.
Ideally you should take these steps off-line before you physically plug the system into the network.
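
One way to check step 4 on a document root, as an added example that is not part of the original presentation. The three checks are this example's reading of "right"; the function names, the sample tree and UID 54321 (standing in for the account the server runs as) are assumptions.

```sh
#!/bin/sh
# Added example: audit a Web document root for risky permissions.
# The directory layout and the server account are assumptions.

# audit_docroot DIR SERVER_UID
# Prints "<finding> <path>" per problem; returns 1 if any were found.
audit_docroot() {
    dir=$1
    server_uid=$2
    findings=$(
        # Writable by every local account, not just the site maintainers.
        find "$dir" ! -type l -perm -0002 -exec printf 'world-writable %s\n' {} \;
        # Set-uid programs run with their owner's rights, not the caller's.
        find "$dir" -type f -perm -4000 -exec printf 'setuid %s\n' {} \;
        # Content owned by the server's own account can be rewritten by
        # anyone who takes over the server process.
        find "$dir" -user "$server_uid" -exec printf 'server-owned %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree: builds a constructed document root with known flaws
# and prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/cgi-bin" "$root/uploads"
    echo '<html></html>' > "$root/index.html"
    printf '#!/bin/sh\necho ok\n' > "$root/cgi-bin/status"
    chmod 755 "$root" "$root/cgi-bin"
    chmod 644 "$root/index.html"
    chmod 4755 "$root/cgi-bin/status"   # flaw: set-uid CGI script
    chmod 777 "$root/uploads"           # flaw: world-writable directory
    printf '%s\n' "$root"
}

# Demo run. UID 54321 stands in for the server account (assumed unused).
sample=$(make_sample_tree)
audit_docroot "$sample" 54321 || true
rm -rf "$sample"
```

On a real host, pass the server's actual document root and the numeric UID of the account the server process runs as.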

CONCLUSION
- Internet security is the practice of protecting and preserving private resources and information on the Internet.
- It is a challenging topic among executives and managers of computer corporations.
- Together, network security and a well-implemented security policy can provide a highly secure solution.