Professional Documents
Culture Documents
1
Outline of the Presentation
Internet Security
Cryptography
Firewalls
E-Commerce Challenges
E-Commerce Security
Global & Local Issues
2
Challenges to Security
Internet was never designed with security in mind.
3
Introduction
Two Major Developments During the Past Decade:
1. Widespread Computerization
2. Growing Networking and Internetworking
The Internet
Need for Automated Tools for Protecting Files and
Other Information.
Network and Internetwork Security refer to measures
needed to protect data during its transmission from
one computer to another in a network or from one
network to another in an internetwork.
4
…Continue
security is complex. Some reasons are:
Requirements for security services are:
Confidentiality
Authentication
Integrity
5
Cyber terrorists
In 1996 the Pentagon revealed that in the previous
year it had suffered some two hundred fifty thousand
attempted intrusions into its computers by hackers on
the Internet
Nearly a hundred sixty of the break-ins were
successful.
6
…Continue
Security Attacks:
1. Interruption
2. Interceptor
3. Modification
4. Fabrication
5. Viruses
Passive Attacks:
1. Interception confidentiality
1. Release of message contents
2. Traffic Analysis
7
…Continue
Active Attacks:
Interruption (availability)
Modification (integrity)
Fabrication (integrity)
8
Security Threats
1. Unauthorized access
2. Loss of message confidentiality or integrity
3. User Identification
4. Access Control
5. Players:
User community
Network Administration
6. The bigger the system, the safer it is
MVS mainframe users (5%)
UNIX users (25%)
Desktop users (50%)
9
Introduction to Security Risks
Hackers and crackers
10
The Main Security Risks
1. Data being stolen
Electronic mail can be intercepted and read
Customer’s credit card numbers may be read
2. Login/password and other access information
stolen
3. Operating system shutdown
4. File system corruption
5. User login information can be captured
11
Viruses
Unauthorized software being run
Games
12
Possible Security “Holes”
Passwords
Transmitted in plain text
Could be temporarily stored in unsafe files
Could be easy to guess
Directory structure
Access to system directories could be a threat
Passwords
1. Most important protection
2. Should be at least eight characters long
3. Use a mixture of alpha and numeric
4. Should not be able to be found in dictionary
should not be associated with you!
5. Change regularly
14
…Continue
Every transaction generates record in a security log
file
1. Might slow traffic and host computer
Tracks
1. Generates alarms when someone attempts to access secure
area
15
Cryptography
The Science of Secret writing.
Encryption: Data is transformed into unreadable form.
Decryption: Transforming the encrypted data back into its
original form.
Encryption
Plaintext Ciphertext
Decryption
16
Types of Cryptosystems
Conventional Cryptosystems
Secret key Cryptosystems.
One secret key for Encryption and Decryption.
Example: DES
17
Firewalls
1. A firewall is a barrier placed between the private network and
the outside world.
18
Firewall
Filter Filter
Schematic of a firewall
19
Firewall Types
(Router-Based)
1. Use programmable routers
2. Control traffic based on IP addresses or port
information.
Examples:
Bastion Configuration
Diode Configuration
To improve security:
1. Never allow in-band programming via Telnet to a
firewall router.
2. Firewall routers should never advertise their
presence to outside users.
20
Bastion Firewalls
External Secured
Router Router
Host PC
Internet Private
Internal
Network
21
Firewall Types
(Host-Based)
1. Use a computer instead of router.
2. More flexible (ability to log all activities)
3. Works at application level
4. Use specialized software applications and service
proxies.
5. Need specialized programs, only important services
will be supported.
22
…Continue
Example: Proxies and Host-Based Firewalls
Proxies and
Host running only proxy v
Host-Based ersions of FTP,Telnet and
Firewalls so on.
Internal
Network
Filtering
Router
Internet (Optimal)
23
Electronic Mail Security
E-mail is the most widely used application in the
Internet.
Who wants to read your mail ?
1. Business competitors
2. Reporters, Criminals
3. Friends and Family
24
E-mail Security
(PGP)
Available free worldwide in versions running on:
DOS/Windows
Unix
Macintosh
Based on:
RSA
IDEA
MD5
25
…Continue
Where to get PGP
Free from FTP site on the Internet
Licensed version from ViaCrypt in USA
26
E-mail Security
(PEM)
Used with SMTP.
Implemented at application layer.
Provides:
1. Disclosure protection
2. Originator authenticity
3. Message integrity
27
Summary of PGP Services
Function Algorithms used Description
Message IDEA, RSA A message is encrypted
encryption using IDEA . The session key
is encrypted using RSA
recipient’s public key.
28
E-Commerce: Challenges
Trusting others electronically
E-Commerce infrastructure
30
E-Commerce: Challenges
Trusting Others
Trusting the medium
1. Am I connected to the correct web site?
2. Is the right person using the other computer?
3. Did the appropriate party send the last email?
4. Did the last message get there in time, correctly?
31
E-Commerce: Solutions
Trusting Others
32
E-Commerce: Challenges
Security Threats
1. Authentication problems
Impersonation attacks
2. Privacy problems
Hacking and similar
attacks
3. Integrity problems
4. Repudiation problems
33
Secure Protocols
5. Others …
34
Secure Sockets Layer (SSL)
Platform and Application Independent
Operates between application and transport layers
Web Applications
Future
HTTP NNTP FTP Telnet Etc.
Apps
SSL
TCP/IP
35
Secure Sockets Layer (SSL)
Negotiates and employs essential functions for
secure transactions
1. Mutual Authentication
2. Data Encryption
3. Data Integrity
36
SSL 3.0 Layers
Record Layer
Fragmentation, Compression, Message Authentication (MA
C), Encryption
Alert Layer
close errors, message sequence errors, bad MACs, certificat
e errors
37
SSL Handshake
38
Why did SSL Succeed
Simple solution with many applications – e-business
and e-commerce
39
E-Commerce:
Challenges Connectivity and availability
Spoofing attacks
Attract users to other sites
1. Networking Products
2. Firewalls
3. Remote access and Virtual Private Networks (VPNs)
4. Encryption technologies
5. Public Key Infrastructure
6. Scanners, monitors and filters
7. Web products and applications
41
Encryption Technologies
Hardware assist to speed up performance
43
PKI
electronic authentication
certificates
44
PKI Architecture
DMZ ( DM Zone)
1 2 3
Cer tificate
Internet Certificate
Request
Applications Directory
Web Ser vers
Certificate
RA Zone Request
RAO Zone Status
Query 4
RA
RA DB Stations Store new
5
certificate,
6 CRL Update
RAO Stations CA Zone
(Operators at Consoles)
7
CA
CA DB Stations
8
47
What is Missing??
1. Solid architecture practices
ns
48
E-Commerce Architecture
Support for peak access
49
Proactive Security Design
1. Decide on what is permissible and what is right
2. Design a central policy, and enforce it everywhere
3. Enforce user identities and the use of credentials to
access resources
4. Monitor the network to evaluate the results
50
PKI and E-Commerce
application
51
E-Commerce: Are We Ready?
Infrastructure?
Security?
Arabic content?
52
E-Commerce: Future
Was expected to reach 37,500 (million US $) in 2002.
It reached 50,000 (million US $) in 1998
53