
INTERNET Security


sstacy

Presentation Transcript


  1. INTERNET Security COMPUTER, NETWORK & INTERNET SECURITY

  2. Cryptography & Secure Transactions Cryptography • Encrypt before sending, decrypt on receiving (plain text and cipher text)

  3. Cryptography & Secure Transactions Cryptography • All cryptosystems are based on only three kinds of cryptographic algorithm: • Message Digest (MD2-4-5, SHA, SHA-1, …): maps variable-length plaintext into fixed-length ciphertext; no key usage; computationally infeasible to recover the plaintext • Private Key (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …): encrypt and decrypt messages by using the same Secret Key • Public Key (DSA, RSA, …): encrypt and decrypt messages by using two different Keys, the Public Key and the Private Key (coupled together)

  4. Cryptography & Secure Transactions Cryptography • Two components: the key and the algorithm • Algorithms are publicly known and Secrecy is in the Key • Key distribution must be secure [Diagram: Plaintext "Hello World" → Encryption (Key) → Ciphertext "&$*£(“!273" → Decryption (Key) → Plaintext "Hello World"]

  5. Cryptography & Secure Transactions Cryptography • Symmetric Key Cryptography (DES, Triple DES, RC4): KE = KD • Asymmetric Key Cryptography (RSA): KE ≠ KD

  6. Cryptography & Secure Transactions Private Key Cryptography • The Sender and Receiver share the same Key, which is private [Diagram: Plaintext → Encryption (Sender/Receiver’s Private Key) → Ciphertext → Decryption (Sender/Receiver’s Private Key) → Plaintext]

  7. Cryptography & Secure Transactions Public Key Cryptography • Both the Sender and Receiver have their own Private Key and Public Key • Messages are encrypted using the receiver’s Public Key and the receiver decrypts them using his/her Private Key [Diagram: Plaintext → Encryption (Receiver’s Public Key) → Ciphertext → Decryption (Receiver’s Private Key) → Plaintext]

  8. Cryptography & Secure Transactions Digital Signature [Diagram: Message → Hash Function (Message Digest Algorithm) → Digest → Encryption (Private Key) → Signature; Signature → Decryption (Public Key) → Expected Digest; Message → Hash Function (Message Digest Algorithm) → Actual Digest]
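Slide 8's flow in code, as an added example that is not part of the original presentation: the sender encrypts the message digest with the private key, and the receiver compares the expected digest recovered with the public key against the actual digest of the message received. It assumes textbook RSA without padding on a constructed toy key, and uses SHA-256 in place of the MD5/SHA-1 family named on slide 3; all names are illustrative.

```python
# Added example (not from the slides): digest -> sign -> verify, as on slide 8.
import hashlib

# Constructed toy key built from two Mersenne primes. Textbook RSA with no
# padding and a key this small is for illustration only, never for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent  (Public Key  = E, N)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Private Key = D, N)


def digest(message: bytes) -> int:
    """Message digest: any input length maps to a fixed 32-byte SHA-256 value.

    The value is reduced modulo N only so that it fits the toy key.
    """
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Sender side: encrypt the digest with the Private Key to get the signature."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver side: compare the expected digest with the actual digest."""
    expected_digest = pow(signature, E, N)   # decrypt signature with the Public Key
    actual_digest = digest(message)          # hash the message that was received
    return expected_digest == actual_digest


# Constructed sample messages.
MESSAGE = b"Pay 100 to Alice"
TAMPERED = b"Pay 900 to Alice"
SIGNATURE = sign(MESSAGE)

if __name__ == "__main__":
    print("original verifies:", verify(MESSAGE, SIGNATURE))
    print("tampered verifies:", verify(TAMPERED, SIGNATURE))
```
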

  9. Cryptography & Secure Transactions Digital Certificate • Secure HTTP (HTTPS) communication is done using Public Key Cryptography • The Public Keys are distributed using Digital Certificates • A Digital Certificate contains the Public Key and is digitally signed by a trusted Certificate Authority (CA) like Verisign or Thawte

  10. Cryptography & Secure Transactions Digital Certificate [Diagram: CERTIFICATE with fields Issuer, Subject, Subject Public Key, Issuer Digital Signature]

  11. Cryptography & Secure Transactions SET Architecture [Diagram: End User, Web Site, Payment Gateway, Credit Card Company]

  12. QUESTIONS?

  13. INTERNET Security INTERNET Security Threats • Hacking • DoS • Reconnaissance • Malware • Mail SPAM • Phishing • Botnets

  14. INTERNET Security Hacking • Unauthorized Access: ranges from a small fraud of a few thousand Rupees using somebody’s Credit Card to bringing down the economy by hacking into share market online trading servers • Intruders take advantage of hidden features or bugs to gain access to the system. • Common types of Hacking attacks include: • Buffer Overflow attack to get root access • SSH Dictionary attack to get root access • Defacing websites using Apache vulnerabilities • Installing malicious code

  15. INTERNET Security DoS • A Denial of Service (DoS) attack attempts to collapse a service or resource so that nobody can access it. • Common types of DoS attacks: • ICMP Flooding • TCP SYN Flooding • UDP Flooding • A Distributed Denial of Service (DDoS) attack is a denial of service attack in which several sources distributed across the Internet focus on the same target.

  16. INTERNET Security Reconnaissance • Reconnaissance attacks include: • Ping Sweeps • DNS zone transfers • TCP or UDP port scans • Indexing of public web servers to find CGI holes

  17. INTERNET Security Malware • The Wikipedia definition of Malware is: “Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a blend of the words ‘malicious’ and ‘software’. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.” • Types of Malware include Viruses, Worms, Trojan Horses, Adware, Spyware and any other malicious and unwanted software.

  18. INTERNET Security Malware: Virus • A computer virus is a self-replicating Computer Program written to alter the way a computer operates, without the permission or knowledge of the user. • It can damage the computer by damaging programs, deleting files, or reformatting the hard disk. It is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce by attaching to other programs and wreak havoc. • Viruses usually need human action to replicate and spread.

  19. INTERNET Security Malware: Worms • A computer worm is a self-replicating Computer program. • It uses a network to send copies of itself to other systems and it may do so without any user intervention. • Unlike a virus, it does not need to attach itself to an existing program. • Worms always harm the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer. • Today, worms are most commonly written for the Windows OS, although a small number are also written for Linux and Unix systems. • Worms work in the same basic way: they scan the network for computers with vulnerable network services, break into those computers, and copy themselves over.

  20. INTERNET Security Malware: Trojan • A Trojan horse is a malicious program that is disguised as or embedded within legitimate software. • Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload. • The payload may take effect immediately and can lead to many undesirable effects, such as deleting all the user's files, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals.

  21. INTERNET Security Malware: Spyware • Spyware is a general term used for software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent. • Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information. • Other kinds of spyware make changes to your computer that can be annoying and can cause your computer to slow down or crash. • There are a number of ways spyware or other unwanted software can get on your system. A common trick is to covertly install the software during the installation of other software you want, such as a music or video file sharing program.

  22. INTERNET Security Mail Spam • Unsolicited email with no meaningful content for the receiver – Advertising – Research – Fraud / Schemes – Viruses (40% of email is spam) • Spam is generated using – Open Mail Relays – Spammer Viruses & Trojans – Botnets

  23. INTERNET Security Phishing • Scam to steal valuable information such as credit card numbers, social security numbers, user IDs and passwords. • Official-looking e-mail is sent to potential victims • Pretends to be from their ISP, retail store, etc. • Claims that, due to internal accounting errors or some other pretext, certain information must be updated to continue the service. • Link in the e-mail message directs the user to a Web page • Asks for financial information • Page looks genuine • Easy to fake a valid Web site • Any HTML page on the real Web can be copied and modified • The location of the page is changed regularly

  24. INTERNET Security Botnets • Bots are compromised machines that execute malicious code installed on them • A botnet is a collection of compromised computers (bots) • They have become the major sources of Spam, Malware, DoS attacks etc.

  25. QUESTIONS?

  26. INTERNET Security Prevention Techniques • Some of the prevention tools include: • Network Firewall • Host Firewall • IDS/IPS • Mail Antispam and Antivirus Appliances • UTM Appliances • Application and OS Hardening

  27. Firewall Firewall Basic Setup [Diagram: Internet, Firewall, Web Server, Application, Database]

  28. Firewall Firewall Rules • IP Address of Source (Allow from Trusted Sources) • IP Address of Destination (Allow to trusted Destinations) • Application Port Number (Allow Mail but restrict Telnet) • Direction of Traffic (Allow outgoing traffic but restrict incoming traffic)

  29. Linux Security Firewall Rules To allow incoming and outgoing SMTP traffic:

          Direction  Prot  Src Addr  Dest Addr  Dest Port  Src Port  Action
      1.  outbound   TCP   internal  external   25         >=1024    allow
      2.  inbound    TCP   external  internal   >=1024     25        allow
      3.  inbound    TCP   external  internal   25         >=1024    allow
      4.  outbound   TCP   internal  external   >=1024     25        allow
      5.  *          *     *         *          *          *         deny
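The rule table on slide 29, evaluated first-match against constructed packets; this is an added example, not part of the original presentation. The `need_ack` condition and the `ACK_RULES` variant are assumptions added here to show how rules 2 and 4, which match replies by source port alone, behave once they also require the TCP ACK flag.

```python
# Added example (not from the slides): first-match evaluation of slide 29's table.
from dataclasses import dataclass, replace

SMTP, HIGH, ANY = range(25, 26), range(1024, 65536), range(0, 65536)

@dataclass(frozen=True)
class Rule:
    direction: str           # "inbound", "outbound" or "*"
    dport: range             # Dest Port column
    sport: range             # Src Port column
    action: str              # "allow" or "deny"
    need_ack: bool = False   # assumption: extra condition, not on the slide

@dataclass(frozen=True)
class Packet:                # constructed TCP segment; src/dest side follows from direction
    direction: str
    sport: int
    dport: int
    ack: bool                # False only on the connection-opening SYN

SLIDE_RULES = [
    Rule("outbound", SMTP, HIGH, "allow"),   # 1: internal client to external server
    Rule("inbound", HIGH, SMTP, "allow"),    # 2: the server's replies
    Rule("inbound", SMTP, HIGH, "allow"),    # 3: external client to internal server
    Rule("outbound", HIGH, SMTP, "allow"),   # 4: the internal server's replies
    Rule("*", ANY, ANY, "deny"),             # 5: default deny
]
# Hardened variant: the reply rules (2 and 4) also require the ACK flag.
ACK_RULES = [replace(r, need_ack=True) if n in (2, 4) else r
             for n, r in enumerate(SLIDE_RULES, 1)]

def evaluate(rules, pkt):
    """Return (rule number, action) of the first rule that matches pkt."""
    for n, r in enumerate(rules, 1):
        if r.direction not in ("*", pkt.direction):
            continue
        if pkt.dport not in r.dport or pkt.sport not in r.sport:
            continue
        if r.need_ack and not pkt.ack:
            continue
        return n, r.action
    return 0, "deny"         # no rule matched: deny

# Constructed packets.
OUT_SYN = Packet("outbound", 40000, 25, ack=False)     # opens an SMTP session
REPLY = Packet("inbound", 25, 40000, ack=True)         # server answer to it
UNSOLICITED = Packet("inbound", 25, 6000, ack=False)   # SYN that only has source port 25
TELNET = Packet("inbound", 40000, 23, ack=False)       # not SMTP at all
```

Under `SLIDE_RULES` the constructed `UNSOLICITED` segment is allowed by rule 2; under `ACK_RULES` it falls through to rule 5, which is the result a stateful firewall gives by tracking established connections.
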

  30. Firewall Firewall Implementation • Hardware Firewall: Dedicated Hardware Box (Cisco PIX, Netscreen) • Software Firewall: Installable on a Server (Checkpoint) • Host OSs (Windows XP/Linux) also provide software firewall features to protect the host

  31. Linux Security LINUX Firewall • Use the GUI (Applications -> System Settings -> Security Level) to activate the firewall • Allow standard services and any specific port based application • All other services and ports are blocked

  32. Linux Security LINUX Firewall

  33. IDS/IPS IDS • An intrusion detection system is used to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall. • It detects network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).

  34. IDS/IPS IDS/IPS – What They Will Do • IDS/IPS use intrusion signatures to identify the intrusion. • Detect and Block Network and Application Scans Against a Network - Powerful Capability in Anticipating an Attack • Block Nearly all Forms of Denial of Service Attacks in Real Time • Completely Stop Brute Force, Password Cracks, Dictionary Attacks, etc. • Block Virus & Worm Propagation • Provide URL filtering and block Spyware
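A threshold rule of the kind an IDS applies to the SSH dictionary attack listed on slide 14, run over constructed sshd log lines; this is an added example, not part of the original presentation. The threshold, window, year and sample addresses (documentation ranges) are assumptions.

```python
# Added example (not from the slides): flag sources with many failed SSH logins.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" line as written to the system auth log.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {source_ip: sorted usernames tried} for every source that reaches
    `threshold` failed logins inside one sliding `window`.

    Syslog timestamps carry no year, so `year` is supplied (assumption).
    """
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> every username seen failing
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other messages
        stamp, user, ip = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        times = recent[ip]
        times.append(when)
        users[ip].add(user)
        while when - times[0] > window:
            times.popleft()       # drop failures older than the window
        if len(times) >= threshold:
            flagged[ip] = sorted(users[ip])
    return flagged

# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 10 03:12:03 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan 10 03:12:05 web1 sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 51244 ssh2
Jan 10 03:12:06 web1 sshd[2216]: Accepted password for deploy from 198.51.100.20 port 40022 ssh2
Jan 10 03:12:08 web1 sshd[2218]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jan 10 03:12:10 web1 sshd[2220]: Failed password for invalid user oracle from 203.0.113.7 port 51256 ssh2
Jan 10 03:15:00 web1 sshd[2301]: Failed password for deploy from 198.51.100.20 port 40100 ssh2
Jan 10 03:40:00 web1 sshd[2399]: Failed password for deploy from 198.51.100.20 port 40180 ssh2
""".splitlines()
```
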

  35. IDS/IPS Antispam Firewall • Antispam Techniques include • DNS Black List • DNS Reverse Lookup (PTR) check • Subject & Body content • SMTP Callback • Rate Limiting • Personal Whitelist and Blacklist

  36. UTM UTM • UTM incorporates firewall, intrusion detection and prevention, Anti Spam and Anti Virus in one high-performance appliance

  37. Host Hardening Host Hardening • Web application hardening • Outbound filtering • Host hardening • Application and OS Patching

  38. QUESTIONS?

  39. INTERNET Security WLAN Security

  40. INTERNET Security WLAN Security • WLANs create a new set of security threats to enterprise networks such as • Sniffing • Rogue APs • Mis-configured APs • Soft APs • MAC Spoofing • Honeypot APs • DoS • Ad hoc Networks

  41. INTERNET Security WLAN Security • Techniques used to secure WLANs include • Do not broadcast SSID • Use encryption (WEP, 802.1x) • Use WLAN Firewalls

  42. INTERNET Security WLAN Firewall

  43. QUESTIONS?
