Module 4 System and Application Security. Chapter 2 - System Security. System Security. We discuss: Desktop Security; email security: PGP and SMIME 3; Database Security; Web Security: web authentication, SSL and SET 4. Email Security (Pretty Good Privacy (PGP), S/MIME).
Module 4 System and Application Security Chapter 2 - System Security
System Security
• We discuss
  • Desktop Security
  • email security: PGP and SMIME 3
  • Database Security
  • Web Security: web authentication, SSL and SET 4
Email Security (Pretty Good Privacy (PGP), S/MIME)
• Email is one of the most heavily used network-based applications.
• There are two widely used schemes for providing authentication and confidentiality for email: PGP and S/MIME.
SMTP
• Internet email was originally based on the SMTP protocol (Simple Mail Transfer Protocol).
• SMTP transfers a message consisting of header lines and a body (all ASCII) using a packet relay network.
• SMTP does not have any security services. The messages can easily be read or modified. The sender's address or routing information is also easy to change.
MIME
• "Multipurpose Internet Mail Extensions" is an extension that solves many limitations of using text-based messages and SMTP.
• MIME does not have security services either.
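Because neither SMTP nor MIME has security services, a message is only protected when PGP or S/MIME has been layered on top, and that shows in its MIME headers. The following is an added example, not part of the original slides: it classifies a message by the content types PGP/MIME (RFC 3156) and S/MIME (RFC 8551) define; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string

# Signature part types from PGP/MIME (RFC 3156) and S/MIME (RFC 8551).
SIGNED_PROTOCOLS = {
    "application/pgp-signature": "PGP",
    "application/pkcs7-signature": "S/MIME",
    "application/x-pkcs7-signature": "S/MIME",  # legacy name still seen in mail
}
SMIME_TYPES = {"signed-data": "signed", "enveloped-data": "encrypted",
               "authenveloped-data": "encrypted"}

def classify(raw):
    """Return (scheme, protection) as declared by the top-level MIME headers.

    This reads the declaration only; the signature itself still has to be
    verified by a PGP or S/MIME implementation before it means anything.
    """
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    protocol = str(msg.get_param("protocol") or "").lower()
    if ctype == "multipart/signed" and protocol in SIGNED_PROTOCOLS:
        return SIGNED_PROTOCOLS[protocol], "signed"
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "PGP", "encrypted"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = str(msg.get_param("smime-type") or "").lower()
        return "S/MIME", SMIME_TYPES.get(smime_type, "other")
    return "none", "unprotected"

# Constructed sample messages (addresses and bodies are placeholders).
def sample(content_type, body="placeholder body\n"):
    return ("From: alice@example.org\nTo: bob@example.org\n"
            f"Subject: test\nContent-Type: {content_type}\n\n{body}")

PLAIN = sample("text/plain; charset=us-ascii")
PGP_SIGNED = sample(
    'multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="b1"',
    "--b1\nContent-Type: text/plain\n\nhello\n"
    "--b1\nContent-Type: application/pgp-signature\n\n(placeholder)\n--b1--\n")
SMIME_ENVELOPED = sample(
    'application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"',
    "(placeholder for base64 CMS data)\n")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("pgp", PGP_SIGNED), ("smime", SMIME_ENVELOPED)]:
        print(name, classify(raw))
```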
Database Security
• Definition - What does Database Security mean?
• Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks.
• It is a broad term that includes a multitude of processes, tools and methodologies that ensure security within a database environment.
Techopedia explains Database Security
• Database security covers and enforces security on all aspects and components of databases. This includes:
  • Data stored in the database
  • Database server
  • Database management system (DBMS)
  • Other database workflow applications
• Database security is generally planned, implemented and maintained by a database administrator and/or other information security professional.
Some of the ways database security is analyzed and implemented include:
1. Restricting unauthorized access and use by implementing strong and multifactor access and data management controls
2. Load/stress testing and capacity testing of a database to ensure it does not crash in a distributed denial of service (DDoS) attack or user overload
3. Physical security of the database server and backup equipment from theft and natural disasters
4. Reviewing the existing system for any known or unknown vulnerabilities and defining and implementing a road map/plan to mitigate them
Web Security
• Web application security is a branch of Information Security that deals specifically with the security of websites, web applications and web services.