Network Security Management Dr. Robert Chi Chair and Professor, IS department Chief editor, Journal of Electronic Commerce Research.


1 Network Security Management
Dr. Robert Chi
Chair and Professor, IS department
Chief editor, Journal of Electronic Commerce Research

2 How secure are you?
Security: the quality or state of being secure, to be free from danger
Physical security
–Protect physical items or areas from unauthorized access and misuse
Digital security
–Communications: protection of communication media, technology and content
–Network: network components, connections and content
–Information

3 Characteristics of (good) Information
Availability
–Access information without interference or obstruction
Accuracy
–Free from mistakes or errors
Authenticity
–Being genuine or original
Confidentiality
–Not disclosed to unauthorized individuals or systems
Integrity
–Whole, complete and uncorrupted
Utility
–Having value for some purpose
Possession
–Having ownership or control

4 National Security Telecommunications and Information Systems Security Committee (NSTISSC)
Three-dimensional model
Each dimension has three values
–Protect (Information): Availability, Integrity, Confidentiality
–Use (Management): Policy, Education, Technology
–In (Utilization): Storage, Processing, Transmission
–Examples: Firewall technology,

5 Threats (an object or other entity that represents a constant danger to an asset)
Acts of human error or failure
–Accidents, user mistakes
Compromises to intellectual property
–Piracy, copyright infringement
Deliberate acts of espionage or trespass
–Unauthorized access or trespass
Deliberate acts of information extortion
–Blackmail or information disclosure
Deliberate acts of sabotage or vandalism
–Destruction of system or information

6 Threats (continued)
Deliberate acts of theft
–Illegal confiscation of equipment or information
Deliberate software attacks
–Virus, worms, macros
Forces of nature
–Fire, flood, earthquake, lightning, tsunami
Deviations in quality of service
–ISP, power supply, WAN, LAN
Technical hardware failure or errors
–Equipment failure
Technical software failure or errors
–Bugs, code problems
Technological obsolescence
–Outdated technologies

7 Software attacks
–Malicious code
  Virus (macro virus, boot virus)
  Worms
–Hoaxes
–Trojan horses (backdoor)
–Password crack
  Brute force: try every possible combination
  Dictionary
–Denial of service

8 Software attacks (continued)
–Spoofing: change packet headers
–Spam
–Mail bombing
–Sniffers: monitor data traveling over a network

9 How to protect your data
Data backup
–Off-site hard drives, CD-ROM, tapes
Electricity backup
–Uninterruptible power supply
User authentication
–User name/password
–Password generators
–Biometrics

10 More
–Cryptographic methods
  Substitution cipher: ABC to DEF (3-character substitution)
  Transposition cipher
  Exclusive OR cipher

11 In-class exercise
Key: IS
Encrypted text: ZGJWZL
Method: Substitution cipher
Original text?
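
The ciphers named on slides 10 and 11, as an added example that is not part of the original presentation. It assumes the exercise key "IS" is applied as a repeating-key substitution with A=0 ... Z=25 (the slide does not say how the key is used); all function names are hypothetical, and the last function enumerates the 676 possible two-letter keys to show how small that key space is.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_substitute(text, shift):
    """Fixed-shift substitution (slide 10: a shift of 3 maps ABC to DEF)."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
        for c in text.upper()
    )

def keyed_substitute(text, key, decrypt=False):
    """Repeating-key substitution: key letter A=0 ... Z=25 sets each position's shift.

    Assumption: this is how the exercise on slide 11 uses its key.
    """
    sign = -1 if decrypt else 1
    out, pos = [], 0
    for c in text.upper():
        if c not in ALPHABET:
            out.append(c)          # leave spaces and punctuation untouched
            continue
        shift = ALPHABET.index(key[pos % len(key)].upper())
        out.append(ALPHABET[(ALPHABET.index(c) + sign * shift) % 26])
        pos += 1                   # the key advances only on letters
    return "".join(out)

def xor_cipher(data, key):
    """Exclusive OR cipher: the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def candidate_keys(ciphertext, known_word):
    """All two-letter keys (26 * 26 = 676) that decrypt ciphertext to known_word."""
    return [
        a + b
        for a in ALPHABET
        for b in ALPHABET
        if keyed_substitute(ciphertext, a + b, decrypt=True) == known_word
    ]

if __name__ == "__main__":
    print(shift_substitute("ABC", 3))                       # DEF
    print(keyed_substitute("ZGJWZL", "IS", decrypt=True))   # ROBERT
    sealed = xor_cipher(b"HELLO", b"IS")                    # constructed sample input
    print(xor_cipher(sealed, b"IS"))                        # b'HELLO'
```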

12 Time to crack encrypted message
8 bits, 1/256, 0.000032 seconds
16 bits, 1/65536, 0.008192 seconds
24 bits, 1/16777216, 2097 seconds
…
128 bits, 1/3.4028E38, 5.25E21 years

13 Cryptography
–Single key, symmetric encryption
  Same key
  Challenge: sending the key to the receiver
–Public key infrastructure (PKI), asymmetric encryption
  Dual key encryption
–Digital signature: to verify information transferred
  Authentication
  The sender encrypts with the sender's private key; if the sender's public key can decrypt it, the message is verified

14 More
Firewalls
–Untrusted network vs. trusted network
–Packet filtering
VPN
–Turn Internet into a private network
–Characteristics
  Encapsulation
  Encryption
  Authentication
–Two modes
  Transport mode (client to server)
  Tunnel mode (server to server)
–Secure Sockets Layer
–Secure HTTP (an application of SSL)

