1. 1 Pertemuan 10 Network Security and E-Commerce Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi: >

2. 2 Learning Objectives Understand how viruses operate and how to protect systems from them.

3. 3 Virus Protection Virus Categories –File infectors –System or boot-record infectors –Macro viruses –Worms

4. 4 Virus Protection Backup and Recovery –Organizations need to have clear procedures for backup and recovery. Onsite Offsite Timed –Organization must enforce these procedures. –Take advantage of new technologies Compression Optical storage –Clear recovery procedures

5. 5 Firewalls Necessary for Enterprise and service providers, Small offices, and consumers having access to Internet. Design Goals of a Firewall: –Control the traffic from inside to outside and vice versa. –Establish local security policies. –Avoid penetration through simplicity. Clear set of rules Easily maintained Assigned responsibilities

6. 6 Firewalls Firewalls can be Classified in: –Packet Filtering Router –Circuit-Level Gateways –Application-Level Gateways Proxy Servers

7. 7 Firewalls Packet Filtering Router Applies a set of rules to all incoming packets Filtering rules are based on the fields of the packet.

8. 8 Firewalls Circuit-Level Gateway Establishes connections between users on the outside and users on the inside. No direct end-to-end links, TCP redirection. Does not provides network-layer services.

9. 9 Firewalls Multilevel Firewalls –Based on fact that intruder can be repelled by multiple layers of defense or at least slowed down.

10. 10 Firewalls Application-Level Gateway Establishes connections at the application level. Stricter security than packet filtering. Proxy servers are functionally similar. Proxy servers also act as cache servers to enhance performance.

11. 11 Security Audit Security audits feature –Top-Down interviews –Identification of deviation from existing policies. –Analysis using proven security practices methodology (SPM). Many companies outsource audits. –Based on costs –Based on skills

12. 12 Security Levels Security of the Organization –Select the right solution –Intrusion detection Security of the Client –Protection at the browser –Protection through virtual private network Security of the Third Party –Distributed Denial Of Service Attacks (DDOS) –Filtering outbound traffic

13. 13 Security Levels - Clients Connections to the Internet are not anonymous. –Privacy issues Transactions may leave residual information. –Caching –Cookies –Log

14. 14 Security Levels - Clients Countermeasures in Netscape & Internet explorer

15. 15 Directory Services Definition –A network service that identifies all resources on a network and makes them accessible to users and applications. Standards –X.500 is an ISO and ITU standard that defines how global directories should be structured. X.500 directories are hierarchical –LDAP was conceived of as a way to simplify access to a directory service that was modeled according to the X.500 standards. LDAP has emerged as the solution needed to make global directory services a reality.

16. 16 Directory Services Current products –Number based on Lightweight Directory Access Protocol (LDAP) –CP: Injoin Directory Server v3.XInjoin Directory Server v3.X –NETSCAPE: iPlanet Directory Server 4.11iPlanet Directory Server 4.11 –NOVELL: NDS eDirectory Version 8.XNDS eDirectory Version 8.X –ORACLE: Oracle Internet Directory 2.XOracle Internet Directory 2.X –Microsoft Active Directory Service

17. 17 Directory Services Single Sign-On –A user needs only one user ID and password, which eliminates the security headaches and vulnerabilities associated with multiple IDs/passwords. –Frees security administrators from the mundane task of assigning passwords –Single Sign-On should work across all platforms, databases, and applications and includes out-of-the- box support for third-party technologies such as Authentication, PKI, and smart cards.