Network Security and Firewalls
• Complex issues of security, privacy, authentication and anonymity
have been thrust into the forefront as confidential information
increasingly traverses modern networks.
• Confidence, reliability and protection of information against security threats are crucial prerequisites for the functioning of electronic commerce.
Security Threat
• A security threat is defined as a circumstance, condition or event with the potential to cause economic hardship to data or network resources in the form of destruction, disclosure, modification of data, denial of service and/or fraud, waste and abuse.
• The discussion of security concerns in electronic commerce can be
divided into two broad types:
• Client Server Security
• Data and Transaction Security
Security Concerns in Electronic Commerce
• Client-server security
• Uses authorization methods to make sure that only valid users and programs have access to information resources such as databases.
• Access control mechanisms such as password protection, encrypted smart cards, biometrics and firewalls must be employed.
• Data and transaction security
• Ensures privacy and confidentiality in electronic messages.
• The goal is to defeat any attempt to assume another identity while involved
with electronic mail or other forms of data communication.
Client-Server Network Security
• The biggest task system administrators face is balancing the opposing goals of user maneuverability and easy access against site security and confidentiality of local information.
• Network security on the Internet is a major concern for commercial organizations.
• Use of the Internet for business purposes has raised many new security concerns nowadays.
Client-Server Network Security
• By connecting to the internet, a local network organization may be exposing itself
to the entire population on the Internet.
• An internet connection opens itself to access from other networks comprising the
public internet.
• Organizations need to audit all access to the network. A system that records all log-on attempts, particularly the unsuccessful ones, can alert managers to the need for stronger measures.
• Hackers can use password guessing, password trapping, security holes in programs, or common network access procedures to impersonate users and thus pose a threat to the server.
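The audit-trail point above (record all log-on attempts, especially the unsuccessful ones) as an added Python example that is not part of the slide deck: it parses constructed authentication log lines, flags any source address with five or more failures inside a two-minute window, and lists the flagged sources that later logged a successful login. The log format, threshold and window are assumptions.

```python
"""Audit of log-on attempts: flag sources with repeated failures.

Added example (not from the slide deck). The log format below is constructed
for illustration; adapt the regular expression to the real log source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like authentication log format.
SAMPLE_LOG = """\
2024-03-01T09:00:01 auth: FAILED login for 'alice' from 203.0.113.7
2024-03-01T09:00:03 auth: FAILED login for 'bob' from 203.0.113.7
2024-03-01T09:00:04 auth: FAILED login for 'carol' from 203.0.113.7
2024-03-01T09:00:06 auth: FAILED login for 'root' from 203.0.113.7
2024-03-01T09:00:07 auth: FAILED login for 'admin' from 203.0.113.7
2024-03-01T09:00:09 auth: ACCEPTED login for 'dave' from 203.0.113.7
2024-03-01T09:05:00 auth: FAILED login for 'erin' from 198.51.100.2
2024-03-01T09:30:00 auth: ACCEPTED login for 'erin' from 198.51.100.2
2024-03-01T10:00:00 auth: FAILED login for 'frank' from 192.0.2.9
2024-03-01T10:00:10 auth: FAILED login for 'frank' from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAILED|ACCEPTED) login for '(?P<user>[^']+)' "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_log(text):
    """Parse log lines into (timestamp, result, user, source) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return events


def detect_guessing(events, threshold=5, window=timedelta(minutes=2)):
    """Return {source: set_of_users} for sources with >= threshold failures inside one window.

    Several distinct usernames failing from one address in a short window is the
    pattern that password guessing leaves in an audit trail.
    """
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAILED":
            by_src[src].append((ts, user))
    alerts = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits inside `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = {u for _, u in fails[start:end + 1]}
                break
    return alerts


def success_after_failures(events, alerts):
    """Return flagged sources that also logged an ACCEPTED login: the highest-priority follow-up."""
    return sorted({src for _, result, _, src in events if result == "ACCEPTED" and src in alerts})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    found = detect_guessing(evs)
    for src, users in found.items():
        print(f"ALERT {src}: {len(users)} distinct accounts failed within window: {sorted(users)}")
    print("flagged sources that later succeeded:", success_after_failures(evs, found))
```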
Client-Server Network Security problems
• Physical security holes result when individuals gain unauthorized physical access to a computer. E.g., on the network, a hacker can gain access to a network system by guessing the passwords of various users.
• Software security holes result when badly written programs or "privileged" software are "compromised" into doing things they shouldn't. E.g., the rlogin hole in IBM RS-6000 workstations, which enabled a hacker to create a "root" shell or super-user access mode.
• Inconsistent usage holes result when a system administrator assembles a
combination of hardware and software such that the system is seriously flawed
from a security point of view.
Protection Methods
• At the file level, operating systems typically offer mechanisms such as access
control lists that specify the resources various users and groups are entitled to
access.
• Protection, also called authorization or access control, grants privileges to the system or resource by checking user-specific information such as passwords.
• If consumers connect a computer to the Internet, they can easily log into it from
anywhere that the network reaches, but without proper access control, anyone
else can too.
Protection methods
• Trust Based Security
• Means to trust everyone and do nothing extra for protection.
• This approach assumes that no one ever makes an expensive breach
such as getting root access and deleting all files.
• This approach worked in the past, when the system administrator had to
worry about a limited threat. Today, this is no longer the case.
Protection methods
• Security through Obscurity
• The notion that any network can be secure as long as nobody outside its management group is
allowed to find out anything about its operational details and users are provided information on
a need-to-know basis.
• Hiding account passwords in binary files or scripts with the presumption that “nobody will ever
find them”.
• This method was quite successful with stand-alone systems. But its usefulness is minimal in the
UNIX world, where users are free to move around the file system, have a great understanding of
programming techniques, and have immense computing power at their fingertips.
• Many users have advanced knowledge of how their operating system works and through
experience can guess at the bits of knowledge considered confidential. This bypasses the whole
basis of STO and makes this method of security useless.
Protection methods
• Password Schemes
• First-level barrier to accidental intrusion.
• Password schemes do little about deliberate attack, especially when common words or
proper names are selected as passwords.
• The simplest method used by most hackers is dictionary comparison, comparing a list of
encrypted user passwords against a dictionary of encrypted common words.
Protection methods
• Biometric Systems
• The most secure level of authorization, which involves some unique aspect of a person's body, e.g. fingerprints, palm prints, retinal patterns, voice recognition, etc.
• One biometric unit can serve many workers rather than a single network or workstation access.
Emerging Client-Server Security Threats
• Most common threats
• Malicious code
• Phishing
• Hacking and cybervandalism
• Credit card fraud/theft
• Spoofing (pharming)
• Denial of service attacks
• Sniffing
• Insider jobs
• Poorly designed server and client software
Vulnerable points in the Client-Server Environment
Malicious Code
• Viruses: computer program that has the ability to replicate and spread to other files; most also deliver a "payload" of some sort (may be destructive or benign); include macro viruses, file-infecting viruses, and script viruses
• Worms: designed to spread from computer to computer
• Trojan horse: appears to be benign, but then does something other
than expected
• Bots: can be covertly installed on computer; responds to external
commands sent by the attacker
Phishing
• Any deceptive, online attempt by a third party to obtain confidential
information for financial gain
• Most popular type: e-mail scam letter
• One of fastest growing forms of e-commerce crime
Hacking and Cybervandalism
• Hacker: Individual who intends to gain unauthorized access to
computer systems
• Cracker: Used to denote hacker with criminal intent (two terms
often used interchangeably)
• Cybervandalism: Intentionally disrupting, defacing or destroying a
Web site
• Types of hackers include:
• White hats
• Black hats
• Grey hats
Credit Card Fraud
• Fear that credit card information will be stolen deters online
purchases
• Hackers target credit card files and other customer information files
on merchant servers; use stolen data to establish credit under false
identity
• One solution: New identity verification mechanisms
Spoofing (Pharming)
• Misrepresenting oneself by using fake e-mail addresses or
masquerading as someone else
• Threatens integrity of site; authenticity
DoS and DDoS Attacks
• Denial of service (DoS) attack: Hackers flood a Web site with useless traffic to inundate and overwhelm the network
• Distributed denial of service (DDoS) attack: hackers use numerous computers to attack the target network from numerous launch points
Other Security Threats
• Sniffing: Type of eavesdropping program that monitors information
traveling over a network; enables hackers to steal proprietary
information from anywhere on a network
• Insider jobs: Single largest financial threat
• Poorly designed server and client software: Increase in complexity of software programs has contributed to an increase in vulnerabilities that hackers can exploit
Tools Available to Achieve Security
What is a Firewall?
• A firewall is a barrier placed between the private
network and the outside world.
• All incoming and outgoing traffic must pass through it.
• Can be used to separate address domains.
• Controls TCP-based protocols: HTTP, SMTP, FTP, Telnet, etc.
• Only one of many different security tools to control and regulate network traffic.
What do Firewalls Protect?
• Data
• Proprietary corporate information
• Financial information
• Sensitive employee or customer data
• Resources
• Computing resources
• Time resources
• Reputation
• Loss of confidence in an organization
• Intruder uses an organization’s network to attack other sites
Who do Firewalls Guard Against?
• Internal Users
• Hackers
• Corporate Espionage
• Terrorists
• Common Thieves
Basic Firewall Components
• Policy
• Advanced authentication
• Packet inspection
• Application gateways
Firewall-secured Internet Connection
What are the types of Firewalls?
• A firewall can be either hardware-based or host-based.
• A hardware-based firewall usually means specialized network boxes, such as routers or switches, containing customized hardware and software. This kind of firewall is often expensive, complicated and difficult to configure.
• A host-based firewall is easier to use for individuals or small organizations. A host-based firewall can be understood as a piece of software running on an individual's PC, notebook or host. It is designed to allow or restrict data transferred on a network based on a set of rules.
• Windows: Windows Defender Firewall
• Unix: iptables
• Generally, firewalls operate by screening packets and/or the
applications that pass through them, provide controllable
filtering of network traffic, allow restricted access to certain
applications, and block access to everything else.
• The actual mechanism that accomplishes filtering varies widely,
but in principle, the firewall can be thought of as a pair of
mechanisms: one to block incoming traffic and the other to
permit outgoing traffic.
• Some firewalls place a greater emphasis on blocking traffic, and
others emphasize permitting traffic.
• Firewalls range from simple traffic logging systems that record all network traffic flowing through the firewall in a file or database for auditing purposes to more complex methods such as IP packet screening routers, hardened firewall hosts, and proxy application gateways.
• The simplest firewall is a packet-filtering gateway or screening
router. Configured with filters to restrict packet traffic to designated
addresses, screening routers also limit the types of services that can
pass through them.
• More complex and secure are application gateways.
IP Packet Screening Routers
• This is a static traffic routing service placed between the network service provider's router and the internal network.
• The traffic routing service may be implemented at the IP level via screening rules in a router or at the application level via proxy gateways and services.
• The firewall router filters incoming packets to permit or deny IP packets based on several screening rules.
• These screening rules, implemented in the router, are applied automatically.
• Rules include the target interface to which the packet is routed, known source IP addresses, and the incoming packet protocol (TCP, UDP, ICMP).
• ICMP stands for Internet Control Message Protocol, a network management tool of the TCP/IP protocol suite.
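A worked example of the screening rules described above, added here and not part of the slide deck: an ordered, first-match-wins rule list over the fields the slide names (direction/interface, source address, protocol) plus destination address and port, with an implicit default deny. The network ranges and the rule set are constructed for illustration.

```python
"""Screening-router rule evaluation: first matching rule wins, default deny.

Added example (not from the slide deck). Rule fields follow the slide: target
interface (modelled as direction), known source address, and protocol
(TCP, UDP, ICMP); destination address/port and a connection-start flag are
added here as assumptions so the rule set is realistic.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str               # "in" from the provider's router, "out" from the internal network
    protocol: str                # "TCP", "UDP" or "ICMP"
    src: str
    dst: str
    dst_port: Optional[int] = None   # None for ICMP
    syn_only: bool = False           # True for a TCP connection-initiation packet


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    direction: str = "any"
    protocol: str = "any"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    dst_port: Optional[int] = None   # None matches any port
    established_only: bool = False   # match only packets that are not connection starts

    def matches(self, p: Packet) -> bool:
        if self.direction != "any" and self.direction != p.direction:
            return False
        if self.protocol != "any" and self.protocol != p.protocol:
            return False
        if ip_address(p.src) not in ip_network(self.src_net):
            return False
        if ip_address(p.dst) not in ip_network(self.dst_net):
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        if self.established_only and p.syn_only:
            return False
        return True


INTERNAL = "192.0.2.0/24"      # constructed internal network (documentation range)
WEB_SERVER = "192.0.2.80/32"   # constructed: the one host allowed to accept inbound HTTP

# Ordered rule set: the "pair of mechanisms" from the slides, block inbound and
# permit outbound, with the inbound exceptions that outbound use actually needs.
RULES = [
    # Anti-spoofing: an inbound packet must never claim an internal source address.
    Rule("deny", direction="in", src_net=INTERNAL),
    # Inbound HTTP connection starts, only to the published web server.
    Rule("permit", direction="in", protocol="TCP", dst_net=WEB_SERVER, dst_port=80),
    # Inbound TCP that is not a connection start: replies to internal clients.
    Rule("permit", direction="in", protocol="TCP", dst_net=INTERNAL, established_only=True),
    # Outbound traffic from internal hosts is permitted.
    Rule("permit", direction="out", src_net=INTERNAL),
]
# Everything else (inbound UDP, inbound ICMP, inbound Telnet, outbound from
# non-internal addresses) falls through to the implicit default below.


def screen(packet: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or 'deny' when nothing matches."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"   # what is not explicitly permitted is blocked
```

Because evaluation stops at the first match, the anti-spoofing deny has to sit above the web-server permit; swapping them would let a spoofed internal source reach port 80.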
Disadvantages
Although properly configured routers can plug many security holes, they do have several disadvantages.
• First, screening rules are difficult to specify, given the vastly diverse needs of users.
• Second, screening routers are fairly inflexible and do not easily extend to deal with functionality different from that preprogrammed by the vendor.
• Lastly, if the screening router is circumvented by a hacker, the rest of the network is open to attack.
Proxy Application Gateways
• A proxy application gateway is a special
server that typically runs on a firewall
machine.
• Their primary use is access to
applications such as the World Wide Web
from within a secure perimeter as shown
in figure below.
• Instead of talking directly to external
WWW servers, each request from the
client would be routed to a proxy on the
firewall that is defined by the user.
• The proxy knows how to get through the firewall.
• An application-level proxy makes a firewall safely permeable for users in an organization, without creating a potential security hole through which hackers can get into corporate networks.
• The proxy waits for a request from inside the firewall, forwards
the request to the remote server outside the firewall, reads the
response, and then returns it to the client.
• In the usual case, all clients within a given subnet use the same
proxy.
• This makes it possible for the proxy to execute efficient caching
of documents that are requested by a number of clients.
• The proxy must be in a position to filter dangerous URLs and
malformed commands.
Proxy servers on the World Wide Web
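The proxy behaviour described above (wait for the request, validate it, forward it, cache and return the response, filter dangerous URLs and malformed commands) as an added Python example that is not part of the slide deck. The outside web is replaced by a constructed in-memory fetch function so the block runs offline; the denylist, the allowed methods and the URL checks are assumptions.

```python
"""Application-level proxy gateway: validate, filter, forward, cache.

Added example, not from the slide deck. The 'remote server' is a constructed
in-memory function so the block runs offline; a real gateway opens the
outbound connection itself, which is what makes the proxy the only host that
needs to know how to get through the firewall.
"""
from urllib.parse import urlsplit

ALLOWED_METHODS = {"GET", "HEAD"}
BLOCKED_HOSTS = {"malware.example"}          # constructed denylist of dangerous sites
BLOCKED_PATH_FRAGMENTS = ("/..", "%00")      # path traversal and NUL tricks in URLs


class ProxyError(Exception):
    """Raised for any request the gateway refuses to forward."""


def parse_request_line(line: str):
    """Accept only a well-formed 'METHOD absolute-URL HTTP/1.x' line; anything else is a malformed command."""
    if any(ord(c) < 32 or ord(c) == 127 for c in line):
        raise ProxyError("control characters in request line")
    parts = line.split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        raise ProxyError("malformed request line")
    method, url, _ = parts
    if method not in ALLOWED_METHODS:
        raise ProxyError(f"method not permitted: {method}")
    u = urlsplit(url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ProxyError("proxy requires an absolute http(s) URL")
    return method, url, u


def check_url(u):
    """URL filtering: refuse denylisted hosts and suspicious path or query constructs."""
    if u.hostname.lower() in BLOCKED_HOSTS:
        raise ProxyError(f"blocked host: {u.hostname}")
    for frag in BLOCKED_PATH_FRAGMENTS:
        if frag in u.path or frag in u.query:
            raise ProxyError("suspicious URL")


class ProxyGateway:
    def __init__(self, fetch):
        self.fetch = fetch          # outbound fetch function: url -> body (constructed stand-in here)
        self.cache = {}             # shared cache: all clients on the subnet use this proxy
        self.stats = {"hits": 0, "fetches": 0, "blocked": 0}

    def handle(self, request_line: str) -> str:
        """Process one client request line and return the response the client sees."""
        try:
            method, url, u = parse_request_line(request_line)
            check_url(u)
        except ProxyError as exc:
            self.stats["blocked"] += 1
            return f"403 Forbidden: {exc}"
        if url in self.cache:
            self.stats["hits"] += 1
            body = self.cache[url]
        else:
            self.stats["fetches"] += 1
            body = self.fetch(url)          # the only step that crosses the firewall
            self.cache[url] = body
        return "200 OK" if method == "HEAD" else f"200 OK\n{body}"


# Constructed stand-in for the outside world.
FAKE_WEB = {"http://www.example.com/": "<html>example</html>"}


def fake_fetch(url):
    return FAKE_WEB.get(url, "<html>not found</html>")
```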
Hardened Firewall Host:
• A hardened firewall host is a stripped-down machine that has been
configured for increased security.
• This type of firewall requires inside or outside users to connect to the trusted applications on the firewall machine before connecting further.
• Generally, these firewalls are configured to protect against
unauthenticated interactive log-ins from the external world.
• This, more than anything, helps prevent unauthorized users from
logging into machines on the network.
• The hardened firewall host method can provide a greater level of audit and security, in return for increased configuration cost and decreased level of service (because a proxy needs to be developed for each desired service).
Data and Message Security
• Historically, computer security was provided by the use of account passwords and by limiting physical access to a facility to bona fide users.
• Password schemes are not sufficient to prevent attacks from sophisticated hackers.
• A growing threat on public, and sometimes even on private, networks is the theft of information that passes over them.
• Unsuspecting and amateur users logging into remote hosts are the most
vulnerable.
Data security
• Data security is of top importance at a time when people are considering
banking and financial transactions.
• Packet sniffing (unauthorized network monitoring) is a major threat to data security.
• Sniffer attacks begin when a computer is compromised and the cracker installs a packet sniffing program, which extracts the login ID, username and password of a person logging into another machine from the network traffic (typically Telnet or FTP).
• If the compromised system is on a backbone network, intruders can
monitor any transit traffic traversing in the network.
Message security
• Messaging security is a program that provides protection for a company's messaging infrastructure.
• It protects all the company's private messages related to the company's vision and mission.
Types of Message Security
• Confidentiality
• The environment must protect all message traffic. After successful delivery to
their destination gateways, messages must be removed from the public
environment.
• Integrity
• Business transactions require that their contents remain unmodified during
transport.
• Authentication
• It is a mechanism whereby the receiver of a transaction or message can be
confident of the identity of the sender and /or the integrity of the message.
Tools Available to Achieve Security
Encryption as the Basis for Data and Message Security
• Encryption: is the mutation of information in any form (text, video,
and graphics) into a representation unreadable by anyone without a
decryption key.
Goals of Encryption
• Security Goals:
• Privacy (secrecy, confidentiality): only the intended recipient can see the communication
• Authenticity (integrity): the communication is generated by the alleged sender
Encryption Methods
• Secret Key Cryptography
• use of a shared key
• Public Key Cryptography
• Pair of Public key and private key
Cryptography: the science of secret writing
• Plaintext: the message
• Encryption: encoding the message (hiding its contents from outsiders)
• Ciphertext: the encrypted message
• Decryption: the process of retrieving the plaintext from the ciphertext
• Encryption and decryption make use of a key and a coding method.
Symmetric Key Encryption
• Also known as secret key encryption
• Both the sender and receiver use the same digital key to encrypt and
decrypt message
• Requires a different set of keys for each transaction
• Data Encryption Standard (DES): Most widely used symmetric key
encryption today; uses 56-bit encryption key; other types use 128-bit
keys up through 2048 bits
Public Key Encryption
• Public key cryptography solves symmetric key encryption problem of
having to exchange secret key
• Uses two mathematically related digital keys – public key (widely
disseminated) and private key (kept secret by owner)
• Both keys are used to encrypt and decrypt message
• Once key is used to encrypt message, same key cannot be used to
decrypt message
• For example, sender uses recipient’s public key to encrypt message;
recipient uses his/her private key to decrypt it
Advantages
• No one can figure out the private key from the corresponding
public key. Hence, the key management problem is confined
to the management of private keys. This ensures
confidentiality.
• The need for sender and receiver to share secret information
over public channels is completely eliminated.
RSA and Public-key Cryptography
• RSA is the most commonly used public key algorithm, although it is
vulnerable to attack.
• Named after its inventors, Ron Rivest, Adi Shamir and Len Adleman, of MIT, RSA was first published in 1978.
• It is used for encryption as well as for electronic signatures (discussed
later). RSA lets you choose the size of your public key.
• The 512-bit keys are considered insecure or weak.
• The 768-bit keys are secure from everything but 1024-bit keys are secure
from virtually anything.
Digital Signatures
• A digital signature is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form.
• It is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged.
• Digital signature schemes normally give two algorithms, one for signing, which involves the user's secret or private key, and one for verifying signatures, which involves the user's public key. The output of the signature process is called the "digital signature".
• Digital signatures are easily transportable, cannot be imitated by
someone else, and can be automatically time-stamped.
• The ability to ensure that the original signed message arrived means
that the sender cannot easily repudiate it later.
Figure: User A signs the document with A's private key and transmits it via the Internet; user B receives the document with the signature attached and verifies the signature with A's public key obtained from the directory.
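The signature flow in the slides (and the property of public-key encryption described earlier: whatever one key of the pair does, only the other key undoes) as an added Python example, not from the slide deck: textbook RSA over small constructed primes so that the arithmetic stays visible. The key size, the hash choice and the absence of a padding scheme are the toy's assumptions; real signatures use 2048-bit or larger keys with a padding scheme such as RSASSA-PSS.

```python
"""Digital signature flow: A signs with A's private key, B verifies with A's public key.

Added example, not from the slide deck. Textbook RSA with small constructed
primes; no padding, so this is for understanding the mechanism only.
"""
import hashlib


def generate_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for the given primes; primes are inputs here, not generated."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)           # modular inverse of e mod phi (Python 3.8+)
    return (n, e), (n, d)


def digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce to an integer below the modulus.

    The reduction is only needed because the toy modulus is far smaller than a
    SHA-256 digest; a real key is large enough to hold the padded digest whole.
    """
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """A's side: signature = H(m)^d mod n, which only the holder of d can produce."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """B's side: recover H(m) as signature^e mod n and compare with a fresh hash of what arrived."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


# Constructed small primes (illustration only; never key sizes for real use).
P, Q = 1000003, 1000033
A_PUBLIC, A_PRIVATE = generate_keypair(P, Q)

DOCUMENT = b"Pay 100 to Bob."


def demo():
    """Return (genuine ok, tampered ok, wrong-signer ok) for the three cases the slide's flow must distinguish."""
    sig = sign(DOCUMENT, A_PRIVATE)                       # user A signs with A's private key
    ok = verify(DOCUMENT, sig, A_PUBLIC)                  # user B verifies with A's public key from the directory
    tampered = verify(b"Pay 900 to Bob.", sig, A_PUBLIC)  # content modified in transit
    other_public, _ = generate_keypair(1000037, 1000039)  # some other party's key pair
    forged = verify(DOCUMENT, sig, other_public)          # signature does not verify under anyone else's key
    return ok, tampered, forged


if __name__ == "__main__":
    print("genuine, tampered, wrong signer:", demo())
```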
E-mail Security flaws
• E-mail is the most widely used application in the Internet.
• Email is sent in plain text.
• Email uses an outdated protocol, SMTP.
• Includes a header full of revealing metadata.
• Can easily become intercepted.
Encrypted Documents and Electronic Mail
• E-mail is typically encrypted for the reason that all network
correspondence is open for eavesdropping.
• Examination of encrypted information is non-trivial; each file must be decrypted before it can be examined.
• The E-mail encryption schemes are
• Privacy Enhanced Mail (PEM)
• Pretty Good Privacy (PGP)
Privacy Enhanced Mail (PEM)
• It is designed to work with current Internet e-mail formats.
• It includes Encryption, authentication, and key management and
allows use of both public-key and secret-key cryptosystems.
Pretty Good Privacy (PGP)
• Provides a confidentiality and authentication service that can be used
for electronic mail and file storage applications.
• Developed by Phil Zimmermann
• Selected the best available cryptographic algorithms as building blocks.
• Integrated these algorithms into a general-purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands.
• Made the package and its documentation, including the source code, freely
available via the internet, bulletin boards, and commercial networks.
• Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP.

 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 

Último (20)

Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 

Network security and firewalls

• Complex issues of security, privacy, authentication and anonymity have been thrust into the forefront as confidential information increasingly traverses modern networks.
• Confidence, reliability and protection of information against security threats is a crucial prerequisite for the functioning of electronic commerce.

Security Threat
• A security threat is defined as a circumstance, condition or event with the potential to cause economic hardship to data or network resources in the form of destruction, disclosure, modification of data, denial of service and/or fraud, waste and abuse.
• The discussion of security concerns in electronic commerce can be divided into two broad types:
  • Client-server security
  • Data and transaction security

Security Concerns in Electronic Commerce
• Client-server security
  • Uses authorization methods to make sure that only valid users and programs have access to information resources such as databases.
  • Access control mechanisms must be employed, such as password protection, encrypted smart cards, biometrics and firewalls.
• Data and transaction security
  • Ensures privacy and confidentiality in electronic messages.
  • The goal is to defeat any attempt to assume another identity while involved with electronic mail or other forms of data communication.

Client-Server Network Security
• One of the biggest tasks system administrators face is balancing the opposing goals of user maneuverability and easy access against site security and confidentiality of local information.
• Network security on the Internet is a major concern for commercial organizations.
• Use of the Internet for business purposes has raised many new security concerns nowadays.

Client-Server Network Security
• By connecting to the Internet, a local network organization may be exposing itself to the entire population on the Internet.
• An Internet connection opens itself to access from other networks comprising the public Internet.
• They need to audit all access to the network. A system that records all log-on attempts, particularly the unsuccessful ones, can alert managers to the need for stronger measures.
• Hackers can use password guessing, password trapping, security holes in programs, or common network access procedures to impersonate users and thus pose a threat to the server.
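The audit control described above (record every log-on attempt and let the unsuccessful ones raise an alert) can be implemented over an authentication log. The following is an added example, not part of the slides; the log lines are constructed to resemble an sshd-style auth log, and the line format, the threshold and the function names are assumptions.

```python
"""Audit log-on attempts and flag sources with many failures.

Added example (not from the slides). The log lines below are constructed
to resemble a generic sshd-style auth log; the exact format is an assumption.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG = """\
Mar 01 09:12:01 host1 sshd[2210]: Accepted password for alice from 10.0.0.5 port 51022
Mar 01 09:12:40 host1 sshd[2213]: Failed password for bob from 203.0.113.7 port 40122
Mar 01 09:12:43 host1 sshd[2213]: Failed password for bob from 203.0.113.7 port 40122
Mar 01 09:12:47 host1 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 40130
Mar 01 09:12:50 host1 sshd[2215]: Failed password for root from 203.0.113.7 port 40131
Mar 01 09:13:02 host1 sshd[2216]: Failed password for root from 203.0.113.7 port 40140
Mar 01 09:15:10 host1 sshd[2220]: Failed password for carol from 10.0.0.9 port 51100
Mar 01 09:15:20 host1 sshd[2221]: Accepted password for carol from 10.0.0.9 port 51101
"""

# Matches both successful and failed password attempts, with or without
# the "invalid user" marker that appears when the account does not exist.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_attempts(log_text):
    """Return a list of (result, user, source) tuples; lines that are not
    log-on attempts are skipped."""
    attempts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            attempts.append((m.group("result"), m.group("user"), m.group("src")))
    return attempts


def failures_by_source(attempts):
    """Count failed log-ons per source address and record the user names
    tried from each source."""
    counts = defaultdict(int)
    users = defaultdict(set)
    for result, user, src in attempts:
        if result == "Failed":
            counts[src] += 1
            users[src].add(user)
    return dict(counts), {src: sorted(names) for src, names in users.items()}


def alerts(log_text, threshold=3):
    """Sources with at least `threshold` failures, most failures first.
    Several different user names from one source is the password-guessing
    pattern the slide warns about."""
    counts, users = failures_by_source(parse_attempts(log_text))
    found = [
        {"source": src, "failures": n, "users": users[src]}
        for src, n in counts.items()
        if n >= threshold
    ]
    return sorted(found, key=lambda a: -a["failures"])


if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG):
        print(f"ALERT {a['source']}: {a['failures']} failed log-ons, "
              f"users tried: {', '.join(a['users'])}")
```

On the constructed log the only source over the threshold is 203.0.113.7, which tried three different accounts in under a minute; the single failure from 10.0.0.9 followed by a success is the ordinary mistyped password and stays below the threshold.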
Client-Server Network Security Problems
• Physical security holes result when individuals gain unauthorized physical access to a computer. Eg: on the network, a hacker can gain access to a network system by guessing the passwords of various users.
• Software security holes result when badly written programs or "privileged" software are "compromised" into doing things they shouldn't. Eg: the rlogin hole in the IBM RS-6000 workstations, which enabled a hacker to create a "root" shell or super-user access mode.
• Inconsistent usage holes result when a system administrator assembles a combination of hardware and software such that the system is seriously flawed from a security point of view.

Protection Methods
• At the file level, operating systems typically offer mechanisms such as access control lists that specify the resources various users and groups are entitled to access.
• Protection, also called authorization or access control, grants privileges to the system or resource by checking user-specific information such as passwords.
• If consumers connect a computer to the Internet, they can easily log into it from anywhere that the network reaches, but without proper access control, anyone else can too.

Protection Methods
• Trust-Based Security
  • Means to trust everyone and do nothing extra for protection.
  • This approach assumes that no one ever makes an expensive breach such as getting root access and deleting all files.
  • This approach worked in the past, when the system administrator had to worry about a limited threat. Today, this is no longer the case.

Protection Methods
• Security through Obscurity (STO)
  • The notion that any network can be secure as long as nobody outside its management group is allowed to find out anything about its operational details, and users are provided information on a need-to-know basis.
  • Hiding account passwords in binary files or scripts with the presumption that "nobody will ever find them".
  • This method was quite successful with stand-alone systems, but its usefulness is minimal in the UNIX world, where users are free to move around the file system, have a great understanding of programming techniques, and have immense computing power at their fingertips.
  • Many users have advanced knowledge of how their operating system works and through experience can guess at the bits of knowledge considered confidential. This bypasses the whole basis of STO and makes this method of security useless.

Protection Methods
• Password Schemes
  • First-level barrier to accidental intrusion.
  • Password schemes do little about deliberate attack, especially when common words or proper names are selected as passwords.
  • The simplest method used by most hackers is dictionary comparison: comparing a list of encrypted user passwords against a dictionary of encrypted common words.
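Two defensive measures follow directly from the dictionary-comparison point above: refuse passwords that are dictionary words at registration time, and store each password with its own random salt under a slow hash, so that one precomputed dictionary of hashed words cannot be compared against every stored password at once. This is an added example, not from the slides; the word list is a constructed stand-in for a real dictionary, and the length limit, iteration count and function names are assumptions.

```python
"""Proactive password check plus salted, slow password hashing.

Added example, not from the slides. COMMON_WORDS is a constructed stand-in
for a real dictionary; a deployment would load a large breached-password list.
"""
import hashlib
import hmac
import os

# Constructed word list (assumption); real deployments use a far larger one.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "dragon", "baseball"}
ITERATIONS = 200_000  # assumed PBKDF2 work factor


def is_dictionary_password(candidate, words=COMMON_WORDS):
    """True if the candidate is a dictionary word, possibly with the usual
    trailing digits or symbols appended (the form a dictionary comparison
    is built to catch)."""
    lowered = candidate.lower()
    base = lowered.rstrip("0123456789!@#$%^&*")
    return lowered in words or base in words


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, digest). A random per-user salt means two users with the
    same password get different digests, so a single table of pre-hashed
    words matches nothing."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=ITERATIONS):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


def register(password, min_length=12):
    """Reject short or dictionary passwords; otherwise return the salted digest
    to store instead of the password itself."""
    if len(password) < min_length or is_dictionary_password(password):
        raise ValueError("password rejected: too short or a dictionary word")
    return hash_password(password)


if __name__ == "__main__":
    salt, digest = register("correct-horse-battery-staple")
    print("stored salt:", salt.hex(), "digest:", digest.hex())
    print("verify correct:", verify_password("correct-horse-battery-staple", salt, digest))
    print("verify wrong:", verify_password("Welcome2024!!", salt, digest))
```

The check runs at registration, where the plaintext is legitimately available; once stored, only the salt and digest remain, and verification never needs the dictionary.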
Protection Methods
• Biometric Systems
  • The most secure level of authorization, which involves some unique aspect of a person's body. Eg: fingerprints, palm prints, retinal patterns, voice recognition, etc.
  • One biometric unit can serve many workers, rather than a single network or workstation access point.

Emerging Client-Server Security Threats
• Most common threats:
  • Malicious code
  • Phishing
  • Hacking and cybervandalism
  • Credit card fraud/theft
  • Spoofing (pharming)
  • Denial of service attacks
  • Sniffing
  • Insider jobs
  • Poorly designed server and client software

Vulnerable Points in the Client-Server Environment

Malicious Code
• Viruses: a computer program that has the ability to replicate and spread to other files; most also deliver a "payload" of some sort (may be destructive or benign); include macro viruses, file-infecting viruses, and script viruses.
• Worms: designed to spread from computer to computer.
• Trojan horse: appears to be benign, but then does something other than expected.
• Bots: can be covertly installed on a computer; respond to external commands sent by the attacker.

Phishing
• Any deceptive, online attempt by a third party to obtain confidential information for financial gain.
• Most popular type: e-mail scam letter.
• One of the fastest growing forms of e-commerce crime.

Hacking and Cybervandalism
• Hacker: an individual who intends to gain unauthorized access to computer systems.
• Cracker: used to denote a hacker with criminal intent (the two terms are often used interchangeably).
• Cybervandalism: intentionally disrupting, defacing or destroying a Web site.
• Types of hackers include:
  • White hats
  • Black hats
  • Grey hats

Credit Card Fraud
• Fear that credit card information will be stolen deters online purchases.
• Hackers target credit card files and other customer information files on merchant servers; they use stolen data to establish credit under a false identity.
• One solution: new identity verification mechanisms.

Spoofing (Pharming)
• Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else.
• Threatens the integrity and authenticity of a site.

DoS and DDoS Attacks
• Denial of service (DoS) attack: hackers flood a Web site with useless traffic to inundate and overwhelm the network.
• Distributed denial of service (DDoS) attack: hackers use numerous computers to attack the target network from numerous launch points.

Other Security Threats
• Sniffing: a type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network.
• Insider jobs: the single largest financial threat.
• Poorly designed server and client software: the increase in complexity of software programs has contributed to an increase in vulnerabilities that hackers can exploit.

Tools Available to Achieve Security

What is a Firewall?
• A firewall is a barrier placed between the private network and the outside world.
• All incoming and outgoing traffic must pass through it.
• Can be used to separate address domains.
• Controls TCP protocols: http, smtp, ftp, telnet etc.
• Only one of many different security tools to control and regulate network traffic.

What do Firewalls Protect?
• Data
  • Proprietary corporate information
  • Financial information
  • Sensitive employee or customer data
• Resources
  • Computing resources
  • Time resources
• Reputation
  • Loss of confidence in an organization
  • Intruder uses an organization's network to attack other sites

Who do Firewalls Guard Against?
• Internal users
• Hackers
• Corporate espionage
• Terrorists
• Common thieves

Basic Firewall Components
• Policy
• Advanced authentication
• Packet inspection
• Application gateways

What are the Types of Firewalls?
• A firewall can be either hardware-based or host-based.
• A hardware-based firewall usually means specialized network boxes, such as routers or switches, containing customized hardware and software. This kind of firewall is often expensive, complicated and difficult to configure.
• A host-based firewall is easier to use for individuals or small organizations. A host-based firewall can be understood as a piece of software running on an individual's PC, notebook or host. It is designed to allow or restrict data transferred on a network based on a set of rules.
  • Windows: Windows Defender Firewall
  • Unix: iptables

• Generally, firewalls operate by screening packets and/or the applications that pass through them, provide controllable filtering of network traffic, allow restricted access to certain applications, and block access to everything else.
• The actual mechanism that accomplishes filtering varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one to block incoming traffic and the other to permit outgoing traffic.
• Some firewalls place a greater emphasis on blocking traffic, and others emphasize permitting traffic.

• Firewalls range from simple traffic logging systems that record all network traffic flowing through the firewall in a file or database for auditing purposes to more complex methods such as IP packet screening routers, hardened firewall hosts, and proxy application gateways.
• The simplest firewall is a packet-filtering gateway or screening router. Configured with filters to restrict packet traffic to designated addresses, screening routers also limit the types of services that can pass through them.
• More complex and secure are application gateways.

IP Packet Screening Routers
• This is a static traffic routing service placed between the network service provider's router and the internal network.
• The traffic routing service may be implemented at an IP level via screening rules in a router or at an application level via proxy gateways and services.

• The firewall router filters incoming packets to permit or deny IP packets based on several screening rules.
• These screening rules, implemented in the router, are applied automatically.
• Rules include the target interface to which the packet is routed, the known source IP address, and the incoming packet protocol (TCP, UDP, ICMP).
• ICMP stands for Internet Control Message Protocol, a network management tool of the TCP/IP protocol suite.
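The screening rules above (target interface, source address, protocol) can be expressed as an ordered rule list that a router evaluates first-match-wins, with a default deny for anything no rule permits. The following is an added example, not from the slides; the rule syntax, the destination port field and the sample policy for an "ext" and an "int" interface are assumptions.

```python
"""A first-match packet screening rule set of the kind a screening router applies.

Added example, not from the slides. The rule fields mirror the slide (target
interface, source address, protocol); the port field, the rule syntax and the
sample policy are assumptions.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet arrives on
    src: str         # source IP address
    dst: str         # destination IP address
    proto: str       # "tcp", "udp" or "icmp"
    dport: int = 0   # destination port; 0 for icmp


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    iface: str = "*"         # "*" matches any interface
    src: str = "0.0.0.0/0"   # CIDR block the source must fall in
    proto: str = "*"         # "*" matches any protocol
    dport: int = 0           # 0 matches any port

    def matches(self, pkt):
        if self.iface != "*" and self.iface != pkt.iface:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.proto != "*" and self.proto != pkt.proto:
            return False
        if self.dport and self.dport != pkt.dport:
            return False
        return True


def screen(rules, pkt):
    """First matching rule decides; anything not explicitly permitted is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed policy: "ext" faces the provider's router, "int" the internal LAN.
RULES = [
    # A packet arriving from outside but claiming an internal source is spoofed.
    Rule("deny", iface="ext", src="10.0.0.0/8"),
    # Outside may reach only the public web and mail services.
    Rule("permit", iface="ext", proto="tcp", dport=80),
    Rule("permit", iface="ext", proto="tcp", dport=25),
    # Keep ICMP for network management, as the slide notes.
    Rule("permit", iface="ext", proto="icmp"),
    # Internal hosts may send anything outward.
    Rule("permit", iface="int", src="10.0.0.0/8"),
]


def decide(iface, src, dst, proto, dport=0):
    """Convenience wrapper: screen one packet against the sample policy."""
    return screen(RULES, Packet(iface, src, dst, proto, dport))


if __name__ == "__main__":
    print(decide("ext", "198.51.100.4", "10.0.0.80", "tcp", 80))   # permit
    print(decide("ext", "198.51.100.4", "10.0.0.80", "tcp", 23))   # deny
    print(decide("ext", "10.0.0.5", "10.0.0.80", "tcp", 80))       # deny (spoofed)
```

Rule order matters: the anti-spoofing deny sits first so that a forged internal source address on the external interface is dropped before the permit rules for port 80 and 25 are consulted.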
Disadvantages
• Although properly configured routers can plug many security holes, they do have several disadvantages.
• First, screening rules are difficult to specify, given the vastly diverse needs of users.
• Second, screening routers are fairly inflexible and do not easily extend to deal with functionality different from that preprogrammed by the vendor.
• Lastly, if the screening router is circumvented by a hacker, the rest of the network is open to attack.

Proxy Application Gateways
• A proxy application gateway is a special server that typically runs on a firewall machine.
• Its primary use is access to applications such as the World Wide Web from within a secure perimeter, as shown in the figure below.
• Instead of talking directly to external WWW servers, each request from the client is routed to a proxy on the firewall that is defined by the user.

• The proxy knows how to get through the firewall.
• An application-level proxy makes a firewall safely permeable for users in an organization, without creating a potential security hole through which hackers can get into corporate networks.
• The proxy waits for a request from inside the firewall, forwards the request to the remote server outside the firewall, reads the response, and then returns it to the client.
• In the usual case, all clients within a given subnet use the same proxy.
• This makes it possible for the proxy to execute efficient caching of documents that are requested by a number of clients.
• The proxy must be in a position to filter dangerous URLs and malformed commands.
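The two proxy duties described above, filtering dangerous URLs and malformed commands before forwarding and caching documents that many clients request, are sketched below. This is an added example, not from the slides; the allowed-host list, the request checks, the `Proxy` class and the stand-in origin server are all assumptions.

```python
"""Request screening and caching as an application-level proxy performs them.

Added example, not from the slides. ALLOWED_HOSTS, the screening rules, the
Proxy class and the fake origin server are constructed assumptions.
"""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed perimeter policy: external sites users may reach through the proxy.
ALLOWED_HOSTS = {"www.example.com", "docs.example.org"}
MAX_URL_LEN = 2048


def check_request(method, url):
    """Return None if the request may be forwarded, otherwise a rejection reason.
    Checks run on the raw string first so that malformed input is refused
    before any parsing is attempted."""
    if method not in {"GET", "HEAD"}:
        return "method not allowed"
    if len(url) > MAX_URL_LEN:
        return "url too long"
    if any(ch in url for ch in "\r\n\t\x00"):
        return "control characters in url"
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return "scheme not allowed"
    if not parts.hostname or parts.hostname not in ALLOWED_HOSTS:
        return "host not allowed"
    if parts.username or parts.password:
        return "credentials in url"
    return None


class Proxy:
    """Forwards permitted requests to `fetch` and caches GET responses so that
    repeated requests from clients on the subnet never reach the origin again."""

    def __init__(self, fetch):
        self.fetch = fetch          # callable that talks to the outside server
        self.cache = {}             # url -> document body
        self.origin_hits = 0        # how often the remote server was contacted

    def handle(self, method, url):
        reason = check_request(method, url)
        if reason:
            return 403, f"blocked by proxy: {reason}"
        if method == "GET" and url in self.cache:
            return 200, self.cache[url]
        self.origin_hits += 1
        body = self.fetch(url)
        if method == "GET":
            self.cache[url] = body
        return 200, body


def fake_origin(url):
    """Stand-in for the remote server outside the firewall (constructed)."""
    return f"document at {url}"


if __name__ == "__main__":
    proxy = Proxy(fake_origin)
    print(proxy.handle("GET", "http://www.example.com/index.html"))
    print(proxy.handle("GET", "http://www.example.com/index.html"), proxy.origin_hits)
    print(proxy.handle("GET", "ftp://www.example.com/"))
```

The caching benefit is visible in `origin_hits`: the second identical GET is served from the proxy's cache, so the origin was contacted once; a rejected request is never forwarded at all.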
Proxy Servers on the World Wide Web

Hardened Firewall Host
• A hardened firewall host is a stripped-down machine that has been configured for increased security.
• This type of firewall requires inside or outside users to connect to the trusted applications on the firewall machine before connecting further.
• Generally, these firewalls are configured to protect against unauthenticated interactive log-ins from the external world.
• This, more than anything, helps prevent unauthorized users from logging into machines on the network.
• The hardened firewall host method can provide a greater level of audit and security, in return for increased configuration cost and a decreased level of service (because a proxy needs to be developed for each desired service).

Data and Message Security

• Historically, computer security was provided by the use of account passwords and by limiting physical access to a facility to bona fide users.
• Password schemes are not sufficient to prevent attacks from sophisticated hackers.
• A growing threat on public, and sometimes even on private, networks is the theft of information that passes over them.
• Unsuspecting and amateur users logging into remote hosts are the most vulnerable.

Data Security
• Data security is of top importance at a time when people are considering banking and financial transactions.
• Packet sniffing (unauthorized network monitoring) is a major threat to data security.
• Sniffer attacks begin when a computer is compromised and the cracker installs a packet sniffing program, which finds the log-in ID, password and username of a person logging into another machine from the network traffic, typically Telnet or FTP.
• If the compromised system is on a backbone network, intruders can monitor any transit traffic traversing the network.

Message Security
• Messaging security is a program that provides protection for a company's messaging infrastructure.
• It protects all the personal messages of the company which are related to the company's vision and mission.

Types of Message Security
• Confidentiality
  • The environment must protect all message traffic. After successful delivery to their destination gateways, messages must be removed from the public environment.
• Integrity
  • Business transactions require that their contents remain unmodified during transport.
• Authentication
  • A mechanism whereby the receiver of a transaction or message can be confident of the identity of the sender and/or the integrity of the message.

Tools Available to Achieve Security

Encryption as the Basis for Data and Message Security
• Encryption is the mutation of information in any form (text, video, and graphics) into a representation unreadable by anyone without a decryption key.

Goals of Encryption
• Security goals:
  • Privacy (secrecy, confidentiality): only the intended recipient can see the communication.
  • Authenticity (integrity): the communication is generated by the alleged sender.

Encryption Methods
• Secret key cryptography
  • Use of a shared key
• Public key cryptography
  • Pair of public key and private key

Cryptography: The Science of Secret Writing
• Plaintext: the message.
• Encryption: encoding the message (hiding its contents from outsiders).
• Ciphertext: the encrypted message.
• Decryption: the process of retrieving the plaintext from the ciphertext.
• "Encryption" and "Decryption" make use of a "key and a coding method".

Symmetric Key Encryption
• Also known as secret key encryption.
• Both the sender and receiver use the same digital key to encrypt and decrypt the message.
• Requires a different set of keys for each transaction.
• Data Encryption Standard (DES): the most widely used symmetric key encryption today; uses a 56-bit encryption key; other types use 128-bit keys up through 2048 bits.
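The symmetric model above, one shared key that both encrypts and decrypts, with a fresh per-message value so the key can be reused safely, is shown in working code below. This is an added example, not from the slides, and it is a toy construction built only from the standard library (a SHA-256 counter-mode keystream with an HMAC tag) so that it runs anywhere; it is not DES or AES, and the key sizes, nonce length and function names are assumptions. It also goes slightly beyond the slide by checking message integrity, which is how a receiver notices a wrong key or a message altered in transit.

```python
"""Shared-key (symmetric) encryption: the same key encrypts and decrypts.

Added example, not from the slides. Toy construction from the standard library
(SHA-256 counter-mode keystream + HMAC-SHA256 tag); it illustrates the model
and is not DES or AES. Key and nonce sizes are assumptions.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16   # per-message random value (assumption)
TAG_LEN = 32     # HMAC-SHA256 output length


def _keystream(key, nonce, length):
    """Derive `length` pseudo-random bytes from the key and the message nonce."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Return nonce || ciphertext || tag. A fresh nonce per message keeps the
    keystream unique even though the shared key is reused."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key, blob):
    """Verify the tag first, then strip the keystream. Raises ValueError when
    the key is wrong or the message was altered in transit."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def roundtrip_ok(key, message):
    """Sender and receiver hold the same key: encrypt then decrypt returns the message."""
    return decrypt(key, encrypt(key, message)) == message


def wrong_key_rejected(key, other_key, message):
    """A receiver without the shared key gets an authentication failure, not garbage."""
    try:
        decrypt(other_key, encrypt(key, message))
    except ValueError:
        return True
    return False


def tamper_rejected(key, message):
    """Flipping one ciphertext bit in transit is detected by the tag."""
    blob = encrypt(key, message)
    tampered = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 0x01]) + blob[NONCE_LEN + 1:]
    try:
        decrypt(key, tampered)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    shared = os.urandom(32)   # must reach both parties over a secure channel
    blob = encrypt(shared, b"Transfer 100 to account 42")
    print("ciphertext:", blob.hex())
    print("plaintext:", decrypt(shared, blob))
```

The line `shared = os.urandom(32)` is where the symmetric model's weakness sits: both parties must obtain that key over some channel the eavesdropper cannot read, which is the problem public key cryptography addresses on the next slides.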
Public Key Encryption
• Public key cryptography solves the symmetric key encryption problem of having to exchange a secret key.
• Uses two mathematically related digital keys: a public key (widely disseminated) and a private key (kept secret by the owner).
• Both keys are used to encrypt and decrypt the message.
• Once a key is used to encrypt a message, the same key cannot be used to decrypt the message.
• For example, the sender uses the recipient's public key to encrypt a message; the recipient uses his/her private key to decrypt it.

Advantages
• No one can figure out the private key from the corresponding public key. Hence, the key management problem is confined to the management of private keys. This ensures confidentiality.
• The need for sender and receiver to share secret information over public channels is completely eliminated.

RSA and Public-key Cryptography
• RSA is the most commonly used public key algorithm, although it is vulnerable to attack.
• Named after its inventors, Ron Rivest, Adi Shamir and Len Adleman of MIT, RSA was first published in 1978.
• It is used for encryption as well as for electronic signatures (discussed later). RSA lets you choose the size of your public key.
• The 512-bit keys are considered insecure or weak.
• The 768-bit keys are secure from almost everything, and 1024-bit keys are secure from virtually anything.

Digital Signatures
• A digital signature is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form.
• It is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged.
• Digital signature schemes normally give two algorithms: one for signing, which involves the user's secret or private key, and one for verifying signatures, which involves the user's public key. The output of the signature process is called the "digital signature".
• Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped.
• The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
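The public key encryption slides, the RSA slide and the digital signature slide describe one algorithm from two sides: encrypt with the recipient's public key and decrypt with the private key; sign with the signer's private key and verify with the public key. The textbook RSA below is an added example, not from the slides or from any RSA implementation, and it uses tiny primes so the arithmetic is visible; real RSA uses keys of 2048 bits or more together with padding schemes (OAEP for encryption, PSS for signatures) rather than raw exponentiation. The prime values, the public exponent 65537 and the function names are assumptions.

```python
"""Textbook RSA with small primes: public-key encryption and a digital signature.

Added example, not from the slides. The primes are tiny so the numbers stay
readable; real RSA keys are 2048 bits or more and use OAEP/PSS padding, never
raw exponentiation as shown here.
"""
import hashlib
from math import gcd


def keygen(p, q, e=65537):
    """Return (public_key, private_key) for primes p and q.
    public = (n, e) is published; private = (n, d) is kept secret."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Sender encrypts an integer message m with the recipient's PUBLIC key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Recipient decrypts with the PRIVATE key; the public key cannot undo encrypt."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, message):
    """Signer hashes the message and applies the PRIVATE key to the digest."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(public_key, message, signature):
    """Anyone with the signer's PUBLIC key checks that the signature matches
    the message digest; a changed message or a different signer fails."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


if __name__ == "__main__":
    # Constructed small primes (assumption); far too small for real use.
    alice_pub, alice_priv = keygen(1000003, 1000033)
    bob_pub, bob_priv = keygen(104729, 104723)

    # Confidentiality: Bob encrypts for Alice with her public key.
    c = encrypt(alice_pub, 123456789)
    print("ciphertext:", c, "-> decrypted:", decrypt(alice_priv, c))

    # Authenticity: Alice signs, Bob verifies with Alice's public key.
    sig = sign(alice_priv, b"pay Bob 100")
    print("signature valid:", verify(alice_pub, b"pay Bob 100", sig))
    print("altered message:", verify(alice_pub, b"pay Bob 1000", sig))
```

The same key pair serves both purposes, but the roles flip: for confidentiality the public key is applied first and the private key undoes it, for a signature the private key is applied first and the public key checks it, which is exactly why a signature cannot be produced by anyone who holds only the public key.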
Figure: User A uses A's private key to sign the document; the signed document is transmitted via the Internet; User B receives the document with the signature attached and verifies the signature with A's public key obtained from the directory.

E-mail Security Flaws
• E-mail is the most widely used application on the Internet.
• E-mail is sent in plain text.
• E-mail uses an outdated protocol, SMTP.
• Includes a header full of revealing metadata.
• Can easily be intercepted.

Encrypted Documents and Electronic Mail
• E-mail is typically encrypted for the reason that all network correspondence is open to eavesdropping.
• Examination of encrypted information is non-trivial; each file must be decrypted before it can be examined.
• The e-mail encryption schemes are:
  • Privacy Enhanced Mail (PEM)
  • Pretty Good Privacy (PGP)

Privacy Enhanced Mail (PEM)
• It is designed to work with current Internet e-mail formats.
• It includes encryption, authentication, and key management, and allows use of both public-key and secret-key cryptosystems.

Pretty Good Privacy (PGP)
• Provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.
• Developed by Phil Zimmermann, who:
  • Selected the best available cryptographic algorithms as building blocks.
  • Integrated these algorithms into a general-purpose application that is independent of operating system and processor and that is based on a small set of easy-to-use commands.
  • Made the package and its documentation, including the source code, freely available via the Internet, bulletin boards, and commercial networks.
  • Entered into an agreement with a company to provide a fully compatible, low-cost commercial version of PGP.