
Network and E-commerce Security


Presentation Transcript


    1. IS 605 Fall 2000 1 Network and E-commerce Security
       Somendra Pant

    2. IS 605 Fall 2000 2 Network Security
       - $10 billion worth of data stolen every year
       - Huge number of credit card numbers get stolen
       - 50% of the computer crimes are committed by “insiders”
       - Many cases are not reported
       - Network security is a major issue
       - Still, not accorded the priority it deserves - low budget allocations, for example
       - Enterprise network security goals need to be set at the highest level

    3. IS 605 Fall 2000 3 Main Issues
       - Security of Internal Networks
       - Security of Networks Connected to the Internet
       - Secure E-commerce Issues
         - Network Security
         - Transaction Security
           - Privacy – no unauthorized access
           - Confidentiality – deletion after use
           - Integrity – no tampering

    4. IS 605 Fall 2000 4 Internet Security Terms
       - Authentication – a way to verify that message senders are who they say they are
       - Integrity – ensuring that information will not be accidentally or maliciously altered or destroyed
       - Reliability – ensuring that the system will perform consistently and at an acceptable level of quality
       - Encryption – a process of making information indecipherable except to those with a decoding key

    5. IS 605 Fall 2000 5 Internet Security Terms
       - Firewall – a filter between a corporate network and the Internet that keeps the corporate network secure from intruders but allows authenticated corporate users access to the Internet
       - Spoofing – a way of creating counterfeit packets with private IP (Intranet) addresses in order to gain access to private networks and steal information
       - Denial of service – an attack on the information and communication services by a third party that prevents legitimate users from using the infrastructure

    6. IS 605 Fall 2000 6 Figure 13-4 Security vs. Productivity Balance

    7. IS 605 Fall 2000 7 Network Security
       Essentials of Network Security Policy
       - Identification/authorization - authorized users access resources
       - Access control - even authorized users allowed only appropriate access
       - Privacy - no eavesdropping
       - Data integrity - data is genuine and cannot be altered without proper controls
       - Non-repudiation - users cannot deny the occurrence of given events or transactions

    8. IS 605 Fall 2000 8 Network Security
       Steps in security policy development
       - Identify assets
       - Identify threats
       - Identify vulnerabilities
       - Consider the risks
       - Take protective measures

    9. IS 605 Fall 2000 9 Network Security Policy Development Process
       Executives’ and Management’s Responsibility for Protection of Information Resources
       - Set acceptable-use policy for the entire organization
       - State the value of information as a corporate resource
       - Require security awareness training
       - Assess the consequences of a security breach
       - Find the optimal balance between security and productivity needs
       - Lead by example

    10. IS 605 Fall 2000 10 Virus Protection
       - Virus - a malicious computer program
       - Computer viruses are the most common microcomputer security breach
       - Frequent occurrences
       - Complete recovery from a virus infection costs on average $8,100 and 44 hours over 10 working days
       - Over 10,000 known viruses, 200 new viruses per month
       - Viruses need some kind of a trigger (time bomb, logic bomb)
       - A logic bomb may appear as a button in a program
       - Trojan Horses hide viruses (e.g. Concept, Melissa)

    11. IS 605 Fall 2000 11 Virus Protection
       Different categories of virus
       - File infectors: attach themselves to a variety of executable files
       - System/boot infectors: attack the files of the operating system or the boot sector
       Antivirus Strategies
       - Install virus scanning software at possible points of attack
       - Scan diskettes at stand-alone PCs
       - Outsider laptops – treat the same as diskettes
       - Prohibit, control, or scan shareware programs
       - Vendors must run their demos on their own machines

    12. IS 605 Fall 2000 12 Figure 13-17 Virus Infection Points of Attack and Protective Measures

    13. IS 605 Fall 2000 13 Virus Protection
       Antivirus Technology Relies On
       - Virus scanning - primary method - checks for unique signatures of known viruses and removes them
       - Emulation technology - runs programs to examine and identify potentially unknown viruses
         - Programs are run in a safe environment to detect virus-like activities
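The signature-scanning method on this slide reduces to searching file contents for byte patterns known to belong to particular viruses. The following is an added example written for this transcript, not code from the lecture: the signature names, byte patterns, sample files and known-good hash are all constructed for illustration. It also shows the edge case a real scanner must handle when a file is read in chunks, where a signature can straddle a chunk boundary.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed signature database (hypothetical names and patterns, not real
# malware signatures). Real engines use longer, more specific patterns.
SIGNATURES = {
    "Demo.FileInfector.A": b"\x90\x90\xe8\x00\x00\x00\x00\x5b",
    "Demo.Macro.B": b"Sub AutoOpen()",
}

# Constructed allowlist of SHA-256 hashes for files already known to be clean,
# so they can be skipped without a pattern search.
KNOWN_GOOD_SHA256 = {
    hashlib.sha256(b"hello world\n").hexdigest(),
}

# Constructed sample "files" to scan (contents embedded inline).
SAMPLE_FILES = {
    "clean.txt": b"hello world\n",
    "suspect.bin": b"MZ" + b"\x00" * 16 + SIGNATURES["Demo.FileInfector.A"] + b"\x00" * 8,
    "macro.doc": b"Attribute VB_Name\r\nSub AutoOpen()\r\nEnd Sub\r\n",
}


@dataclass
class ScanResult:
    path: str
    matches: list = field(default_factory=list)
    skipped_known_good: bool = False


def scan_bytes(data: bytes) -> list:
    """Return the names of every signature whose pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def scan_file_bytes(path: str, data: bytes) -> ScanResult:
    """Hash-check first (cheap), then fall back to a full pattern search."""
    if hashlib.sha256(data).hexdigest() in KNOWN_GOOD_SHA256:
        return ScanResult(path, skipped_known_good=True)
    return ScanResult(path, scan_bytes(data))


def scan_stream(chunks, overlap=None) -> list:
    """Scan data that arrives in chunks (e.g. a large file read piecewise).

    The last `overlap` bytes of each chunk are carried into the next search so
    that a pattern split across two chunks is still detected.
    """
    if overlap is None:
        overlap = max(len(p) for p in SIGNATURES.values()) - 1
    found = set()
    tail = b""
    for chunk in chunks:
        buf = tail + chunk
        found.update(scan_bytes(buf))
        tail = buf[-overlap:] if overlap else b""
    return sorted(found)


def scan_all(files=SAMPLE_FILES) -> dict:
    """Scan every sample file and map path -> ScanResult."""
    return {path: scan_file_bytes(path, data) for path, data in files.items()}


if __name__ == "__main__":
    for path, result in scan_all().items():
        status = "known-good" if result.skipped_known_good else (result.matches or "clean")
        print(f"{path}: {status}")
```

Without the overlap carried between chunks, a pattern such as `Demo.FileInfector.A` split as `\x90\x90\xe8` / `\x00\x00\x00\x00\x5b` would be missed entirely, which is exactly the sort of gap an emulation or on-access layer is meant to close.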

    14. IS 605 Fall 2000 14 Authorization and Access Control
       - Assures that only authorized users are able to access those files, directories, and applications to which they are entitled
       - Simplest method is requiring users to use passwords
       - Further security can be enforced by making the users choose passwords with certain features, and requiring them to change passwords at intervals
       - Modern authentication systems use smart cards
       - Future trends - biometric authentication (fingerprints and retinal patterns)
       - Access to resources can be restricted by giving different levels of access permissions
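The slide's two password controls, required password features and periodic change, are the kind of rules an identity system enforces at enrollment and at login. The block below is an added example for this transcript, not code from the lecture or any particular product; the policy values (12 characters, three character classes, 90-day maximum age) and the short common-password list are constructed placeholders that an organization would set for itself.

```python
import re
from datetime import date, timedelta

# Constructed policy parameters (hypothetical; set by the organization).
MIN_LENGTH = 12
REQUIRED_CLASSES = 3          # out of: lowercase, uppercase, digit, symbol
MAX_AGE_DAYS = 90             # force a change after this many days
COMMON_PASSWORDS = {"password", "letmein", "qwerty123", "welcome1"}  # constructed sample

CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_problems(candidate: str, username: str) -> list:
    """Return every policy rule the candidate password violates (empty if it passes).

    Reporting all violations at once lets the user fix them in one attempt
    instead of discovering them one by one.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(pattern, candidate)) for pattern in CHARACTER_CLASSES)
    if classes < REQUIRED_CLASSES:
        problems.append(f"uses {classes} character classes, policy requires {REQUIRED_CLASSES}")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    if username and username.lower() in candidate.lower():
        problems.append("contains the username")
    return problems


def password_expired(last_changed: date, today: date) -> bool:
    """True when the password is older than the policy's maximum age."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)


def days_until_expiry(last_changed: date, today: date) -> int:
    """Days left before a change is forced; negative once already expired."""
    return (last_changed + timedelta(days=MAX_AGE_DAYS) - today).days


if __name__ == "__main__":
    # Constructed sample inputs.
    print(password_problems("password", "bob"))
    print(password_problems("Tr0ub4dor&3-horse", "alice"))
    print(password_expired(date(2000, 9, 1), date(2000, 12, 15)))
```

The expiry check is kept separate from the composition check because they run at different times: composition at the moment a password is chosen, age on every login so that an overdue account can be redirected to a change-password step.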

    15. IS 605 Fall 2000 15 Figure 13-18a Packet Filters

    16. IS 605 Fall 2000 16 Firewalls (Packet Filtering)
       - Specialized software, usually runs on a dedicated server
       - Prevents outsiders from accessing the corporate network
       - All packets entering the firewall are filtered (examined) to determine:
         (a) that users have authority to access resources
         (b) that messages are appropriate for forwarding over the internal network
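A packet filter of the kind described here makes its decision from the packet header alone: source and destination address, protocol and port, matched against an ordered rule list. The block below is an added example written for this transcript, not code from the lecture: the internal range, server addresses and rule set are constructed, and the first rule ties back to the spoofing definition on slide 5 by rejecting packets that arrive from the Internet side claiming an internal source address.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # destination port; 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str                    # CIDR the source address must fall in
    dst: str                    # CIDR the destination address must fall in
    proto: str = "any"          # protocol or "any"
    dport: Optional[int] = None # destination port or None for any

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and self.dport in (None, pkt.dport)
        )


# Constructed addresses for the example (hypothetical network).
INTERNAL = "10.0.0.0/8"
WEB_SERVER = "10.0.1.10/32"
MAIL_SERVER = "10.0.2.5/32"
ANY = "0.0.0.0/0"

# Rules for packets arriving on the Internet-facing interface.
# First match wins; anything unmatched is denied by default.
INBOUND_RULES = [
    Rule("deny", INTERNAL, ANY),                 # anti-spoofing: internal source from outside
    Rule("allow", ANY, WEB_SERVER, "tcp", 80),   # public web
    Rule("allow", ANY, WEB_SERVER, "tcp", 443),
    Rule("allow", ANY, MAIL_SERVER, "tcp", 25),  # inbound mail
]


def filter_packet(pkt: Packet, rules=INBOUND_RULES) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule) or ("deny", None) on default deny."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


def log_line(pkt: Packet, decision: Tuple[str, Optional[int]]) -> str:
    """Single-line audit record of a filtering decision."""
    action, index = decision
    reason = f"rule {index}" if index is not None else "default"
    return f"{action.upper():5} {pkt.proto}/{pkt.dport} {pkt.src} -> {pkt.dst} ({reason})"


if __name__ == "__main__":
    # Constructed sample traffic.
    for pkt in (
        Packet("203.0.113.7", "10.0.1.10", "tcp", 80),
        Packet("203.0.113.7", "10.0.3.7", "tcp", 445),
        Packet("10.0.0.5", "10.0.1.10", "tcp", 80),
    ):
        print(log_line(pkt, filter_packet(pkt)))
```

The default-deny fall-through at the end of `filter_packet` is what turns the rule list into "prevents outsiders from accessing the corporate network": only traffic explicitly listed gets through, and the anti-spoofing rule sits first so it cannot be shadowed by a later allow.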

    17. IS 605 Fall 2000 17 Figure 13-18b Application Gateway

    18. IS 605 Fall 2000 18 Firewalls (Application Gateways)
       - Firewalls can also be created through software known as a proxy service
       - The host computer running the proxy service is known as an application gateway – sits between the Internet and the internal network – provides “proxy” services
       - Provides safe access to authorized people to internal resources
       - Example: user connects to proxy FTP software which in turn allows connection to internal machines. Connections are created after establishing the legitimacy of the request
       - Even after establishing legitimacy, only proxy clients and servers actually communicate - actual internal IP addresses or names are not transported across the Internet

    19. IS 605 Fall 2000 19 Encryption
       - Encryption involves changing data into an indecipherable form
       - Decryption - changing the code back into the original message
       - DES (Data Encryption Standard) - Private Key Encryption
         - 64 bit encryption - 2 to the 64th power number of combinations
         - Both the sender and the receiver must know the private key
         - If the private key is intercepted, the encryption system is compromised

    20. IS 605 Fall 2000 20 Encryption
       - RSA Standard (Rivest-Shamir-Adleman) - Public Key Encryption
         - Makes use of a public/private key combination
       - Digital Signature Encryption
         - An original document is processed using a hash algorithm
         - The unique hash string is encoded using the sender’s private key
         - The recipient decodes the hash with the sender’s public key, re-computes the hash of the document received, and compares the two
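The three digital-signature steps on this slide (hash the document, encode the hash with the sender's private key, recipient re-hashes and compares) are carried through end to end in the block below. It is an added example for this transcript, not code from the lecture: the key pair is built from two fixed Mersenne primes so that every number is visible, whereas real RSA keys use randomly generated primes of 1024 bits or more and a padding scheme such as PSS, and the sample document is constructed.

```python
import hashlib

# Toy RSA key generation from two known primes (2^31 - 1 and 2^61 - 1),
# chosen for this example only; the modulus is far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                    # public modulus
PHI = (P - 1) * (Q - 1)
E = 65537                    # public exponent (coprime with PHI for these primes)
D = pow(E, -1, PHI)          # private exponent, modular inverse of E (Python 3.8+)

PUBLIC_KEY = (N, E)          # shared with anyone who needs to verify
PRIVATE_KEY = (N, D)         # kept by the signer


def document_hash(document: bytes, modulus: int = N) -> int:
    """Step 1: hash the document with SHA-256.

    The 256-bit digest is reduced modulo N so it fits the toy modulus; with a
    real 2048-bit key the padded digest is well below N and no reduction is needed.
    """
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % modulus


def sign(document: bytes, private_key) -> int:
    """Step 2: the sender encodes the hash with the private key."""
    n, d = private_key
    return pow(document_hash(document, n), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Step 3: the recipient decodes the signature with the public key and
    compares the result with a fresh hash of the document as received."""
    n, e = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == document_hash(document, n)


# Constructed sample document and its signature.
CONTRACT = b"Pay $100 to Alice"
SIGNATURE = sign(CONTRACT, PRIVATE_KEY)

if __name__ == "__main__":
    print("genuine document:", verify(CONTRACT, SIGNATURE, PUBLIC_KEY))
    print("tampered document:", verify(b"Pay $900 to Alice", SIGNATURE, PUBLIC_KEY))
    print("altered signature:", verify(CONTRACT, (SIGNATURE + 1) % N, PUBLIC_KEY))
```

Because only the hash is encoded with the private key, signing a large document costs one hash plus one modular exponentiation regardless of document size, and any change to the document, even a single byte, changes the hash so the comparison in `verify` fails.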

    21. IS 605 Fall 2000 21 Figure 13-23 Private Key Encryption, Public Key Encryption, and Digital Signature Encryption

    22. IS 605 Fall 2000 22 Figure 13-23a Private Key (Symmetric) Encryption

    23. IS 605 Fall 2000 23 Figure 13-23b Public Key Encryption

    24. IS 605 Fall 2000 24 Figure 13-23c Digital Signature Encryption
