1 Module 4 System and Application Security
Chapter: System Security

2 System Security
We discuss:
Desktop Security
Email Security: PGP and S/MIME
Database Security
Web Security: web authentication, SSL and SET


31 Email Security (Pretty Good Privacy (PGP), S/MIME)
Email is one of the most heavily used network-based applications. There are two widely used schemes for providing authentication and confidentiality for email: PGP and S/MIME.

32 SMTP
Internet email is originally based on SMTP (Simple Mail Transfer Protocol). SMTP transfers a message consisting of header lines and a body (all ASCII) through a store-and-forward chain of mail relays. SMTP itself has no security services: a message can be read or modified by any relay on the path, and the sender address and routing information in the headers are trivial to forge.

33 MIME
Multipurpose Internet Mail Extensions (MIME) is an extension that removes many limitations of text-only messages over SMTP (non-ASCII character sets, attachments, multipart bodies). MIME does not provide any security services either; S/MIME adds signing and encryption on top of MIME.


47 Database Security
Definition: database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks. It is a broad term that includes a multitude of processes, tools and methodologies that ensure security within a database environment.

48 Techopedia explains Database Security
Database security covers and enforces security on all aspects and components of databases. This includes:
Data stored in the database
Database server
Database management system (DBMS)
Other database workflow applications
Database security is generally planned, implemented and maintained by a database administrator and/or other information security professionals.

49 Some of the ways database security is analyzed and implemented include:
1. Restricting unauthorized access and use by implementing strong and multifactor access and data management controls
2. Load/stress testing and capacity testing of a database to ensure it does not crash under a distributed denial of service (DDoS) attack or user overload
3. Physical security of the database server and backup equipment against theft and natural disasters
4. Reviewing the existing system for any known or unknown vulnerabilities and defining and implementing a road map/plan to mitigate them

50 Web Security
Web application security is a branch of information security that deals specifically with the security of websites, web applications and web services.

51 Security Threats
With the emergence of Web 2.0, increased information sharing through social networking and increasing business adoption of the Web as a means of doing business and delivering services, websites are often attacked directly. Attackers seek either to compromise the corporate network behind the site or to compromise the end users accessing it, for example by subjecting them to drive-by downloads.

52 Security Threats (cont.)
As a result, industry is paying increased attention to the security of the web applications themselves, in addition to the security of the underlying network and operating systems. The majority of web application attacks occur through cross-site scripting (XSS) and SQL injection, which typically result from flawed coding: untrusted input reaches an SQL statement or an HTML page without being parameterized or encoded for that context. Phishing is another common threat to web applications; global losses from this type of attack in 2012 were estimated at $1.5 billion.
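The two coding flaws named on the slide, shown as an added example (not code from the slides): a vulnerable form beside its hardened form for each. For XSS, the same comment is rendered with Go's text/template (no output encoding) and with html/template (context-aware HTML escaping). For SQL injection, the same user-supplied name is concatenated into the statement and, alternatively, passed as a bound parameter. The attacker inputs are constructed, and the names renderComment*, userQuery*, Query and the users table are hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	texttemplate "text/template"
)

// Constructed attacker inputs (not from the slides).
const (
	xssPayload  = `<script>alert(1)</script>`
	sqliPayload = `' OR '1'='1`
)

// renderCommentUnsafe drops untrusted text into HTML with no output encoding.
// text/template performs no escaping, so the payload reaches the browser as markup.
func renderCommentUnsafe(comment string) (string, error) {
	t := texttemplate.Must(texttemplate.New("c").Parse(`<p class="comment">{{.}}</p>`))
	var b bytes.Buffer
	if err := t.Execute(&b, comment); err != nil {
		return "", err
	}
	return b.String(), nil
}

// renderCommentSafe uses html/template, which knows it is emitting element
// content and HTML-escapes the value, so the payload is shown as text.
func renderCommentSafe(comment string) (string, error) {
	t := htmltemplate.Must(htmltemplate.New("c").Parse(`<p class="comment">{{.}}</p>`))
	var b bytes.Buffer
	if err := t.Execute(&b, comment); err != nil {
		return "", err
	}
	return b.String(), nil
}

// Query is an SQL statement plus the parameters it must be executed with,
// e.g. db.QueryRow(q.SQL, q.Args...) with database/sql.
type Query struct {
	SQL  string
	Args []any
}

// userQueryUnsafe concatenates the user-controlled name into the statement:
// a single quote closes the string literal and the rest of the input is
// parsed by the database as SQL.
func userQueryUnsafe(name string) Query {
	return Query{SQL: fmt.Sprintf("SELECT id FROM users WHERE name = '%s'", name)}
}

// userQuerySafe keeps the statement constant and binds the name as a
// parameter; the driver sends it as data, never as part of the SQL grammar.
func userQuerySafe(name string) Query {
	return Query{SQL: "SELECT id FROM users WHERE name = ?", Args: []any{name}}
}

func main() {
	u, _ := renderCommentUnsafe(xssPayload)
	s, _ := renderCommentSafe(xssPayload)
	fmt.Println("unsafe HTML:", u)
	fmt.Println("safe   HTML:", s)
	fmt.Println("unsafe SQL: ", userQueryUnsafe(sqliPayload).SQL)
	q := userQuerySafe(sqliPayload)
	fmt.Println("safe   SQL: ", q.SQL, q.Args)
}
```

Running it prints the unsafe statement as `SELECT id FROM users WHERE name = '' OR '1'='1'`, a tautology that matches every row, while the parameterized form keeps the statement fixed and carries the payload only as a value. Note that "sanitizing" input is not the fix in either case: the fix is to encode for the output context (HTML) or to keep data out of the grammar (bound parameters).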

53 Web Security: Secure Electronic Transaction (SET)
Developed by Visa and MasterCard
Designed to protect credit card transactions
Confidentiality: all messages encrypted
Trust: all parties must have digital certificates
Privacy: information made available only when and where necessary
Confidentiality of payment and order information (encryption)
Integrity of all data (digital signatures)
Authentication of cardholder and account (certificates)
Authentication of merchant (certificates)
No reliance on secure transport protocols (runs over plain TCP/IP)
Interoperability between SET software and networks through standardized message formats
SET is a payment protocol: its messages correspond to the individual steps of a credit card transaction
SET saw little real-world deployment; card payments on the Web moved to SSL/TLS instead

54 SSL (Secure Sockets Layer)
NOT a payment protocol: can be used for any secure communication, e.g. to carry credit card numbers
SSL is a secure data exchange protocol providing:
Privacy between two Internet applications
Authentication of the server (authentication of the browser/client is optional)
Uses enveloping: RSA is used to exchange the symmetric session keys (DES in early deployments)
SSL Handshake Protocol: negotiates the symmetric cipher and authenticates the server
SSL Record Protocol: packs/unpacks records, performs encryption/decryption and integrity checks (MAC)
Does not provide non-repudiation
Layered on top of TCP/IP but below the application layer (requires a reliable transport to operate)
SSL is increasing in importance for Internet security
SSL 2.0 and 3.0 are now deprecated; their successor TLS keeps the same structure of a handshake protocol over a record protocol
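The "enveloping" mentioned on the SSL slide, and the same construction that PGP and S/MIME (slide 31) apply to a whole message, as an added example that is not code from the slides: a fresh random session key encrypts the bulk data, RSA transports that key to the recipient, and the sender's RSA signature provides the integrity and origin authentication that plain SMTP (slide 32) lacks. It uses only the Go standard library. AES-256-GCM stands in for the DES the slide names, since DES is obsolete; RSA-OAEP and RSA-PSS are the modern RSA padding modes. The names Envelope, Seal, Open and Demo and the sample message are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what travels over the untrusted channel (mail relay or TCP).
type Envelope struct {
	WrappedKey []byte // random session key, RSA-OAEP encrypted to the recipient's public key
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // message under the session key, GCM tag appended
	Signature  []byte // sender's RSA-PSS signature over SHA-256(WrappedKey || Nonce || Ciphertext)
}

// digest binds the wrapped key to the ciphertext so neither can be swapped independently.
func digest(e *Envelope) []byte {
	h := sha256.New()
	h.Write(e.WrappedKey)
	h.Write(e.Nonce)
	h.Write(e.Ciphertext)
	return h.Sum(nil)
}

// Seal: fresh symmetric key for the bulk data, RSA to transport that key
// (the "enveloping" of the slide), RSA signature for origin and integrity.
func Seal(msg []byte, recipient *rsa.PublicKey, sender *rsa.PrivateKey) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	e := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
	if e.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil); err != nil {
		return nil, err
	}
	e.Signature, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest(e), nil)
	return e, err
}

// Open verifies the signature before touching any ciphertext, then unwraps
// the session key and decrypts. A modified envelope fails here; plain SMTP
// has no way to notice the modification.
func Open(e *Envelope, sender *rsa.PublicKey, recipient *rsa.PrivateKey) ([]byte, error) {
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest(e), e.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature invalid (forged or modified in transit): %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

// Demo runs the exchange with freshly generated keys, then flips one
// ciphertext byte to show that an in-transit modification is detected.
func Demo(msg []byte) (recovered []byte, tamperDetected bool, err error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	env, err := Seal(msg, &recipient.PublicKey, sender)
	if err != nil {
		return nil, false, err
	}
	if recovered, err = Open(env, &sender.PublicKey, recipient); err != nil {
		return nil, false, err
	}
	env.Ciphertext[0] ^= 0x01 // the relay alters one byte
	_, tamperErr := Open(env, &sender.PublicKey, recipient)
	return recovered, tamperErr != nil, nil
}

func main() {
	msg := []byte("Order 4711: card 4111 1111 1111 1111, amount 49.90") // constructed sample
	got, tampered, err := Demo(msg)
	fmt.Printf("recovered=%q tamperDetected=%v err=%v\n", got, tampered, err)
}
```

In SSL/TLS the wrapped key is exchanged once in the handshake and many records are then protected under it; in PGP and S/MIME every message carries its own wrapped key, as here. Signing the wrapped key and ciphertext together is what stops an attacker from re-wrapping the session key to a different recipient or pairing an old signature with a new body.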

55 Thank You

