Post on 21-Dec-2015
1
Session 10: Network Security and E-Commerce
Course: M0284/E-Business Technology & Infrastructure
Year: 2005
Version: <<version/revision>>
3
Virus Protection
• Virus Categories
– File infectors
– System or boot-record infectors
– Macro viruses
– Worms
4
Virus Protection
• Backup and Recovery
– Organizations need to have clear procedures for backup and recovery.
  • Onsite
  • Offsite
  • Timed
– Organizations must enforce these procedures.
– Take advantage of new technologies
  • Compression
  • Optical storage
– Clear recovery procedures
5
Firewalls
• Necessary for enterprises and service providers, small offices, and consumers with access to the Internet.
• Design Goals of a Firewall:
– Control the traffic from inside to outside and vice versa.
– Establish local security policies.
– Avoid penetration through simplicity.
  • Clear set of rules
  • Easily maintained
  • Assigned responsibilities
6
Firewalls
• Firewalls can be classified as:
– Packet Filtering Router
– Circuit-Level Gateways
– Application-Level Gateways
• Proxy Servers
7
Firewalls: Packet Filtering Router
• Applies a set of rules to all incoming packets.
• Filtering rules are based on the fields of the packet.
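The packet-filtering behaviour described above, as an added example that is not part of the lecture slides: an ordered rule set is applied to the header fields of each packet, the first matching rule decides, and a packet matching no rule is denied. The rule fields, the 192.0.2.0/24 internal network and the sample packets are assumptions constructed for illustration.

```python
# Added example: a minimal first-match packet filter, as a packet-filtering
# router applies it. Rule fields and addresses are constructed assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" (toward the internal network) or "out"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source CIDR, e.g. "0.0.0.0/0"
    dst: str              # destination CIDR
    dport: Optional[int]  # destination port; None matches any port

def matches(rule: Rule, pkt: dict) -> bool:
    """True when every header field of the packet falls within the rule."""
    return (rule.direction == pkt["direction"]
            and rule.proto in ("any", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt["dport"]))

def filter_packet(rules: list, pkt: dict) -> tuple:
    """Return (action, index of the deciding rule); no match means default deny."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None

# Constructed rule set for an internal network 192.0.2.0/24 (documentation range).
# Order matters: the specific allow comes before the broad inbound deny.
RULES = [
    Rule("allow", "in",  "tcp", "0.0.0.0/0",    "192.0.2.10/32", 443),   # public HTTPS server
    Rule("deny",  "in",  "any", "0.0.0.0/0",    "192.0.2.0/24",  None),  # all other inbound
    Rule("allow", "out", "tcp", "192.0.2.0/24", "0.0.0.0/0",     None),  # outbound TCP only
]

# Constructed sample packets (header fields only, as a filtering router sees them).
HTTPS_IN = {"direction": "in",  "proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.10", "dport": 443}
SSH_IN   = {"direction": "in",  "proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.10", "dport": 22}
WEB_OUT  = {"direction": "out", "proto": "tcp", "src": "192.0.2.7",    "dst": "198.51.100.5", "dport": 80}
DNS_OUT  = {"direction": "out", "proto": "udp", "src": "192.0.2.7",    "dst": "198.51.100.5", "dport": 53}

if __name__ == "__main__":
    for name, pkt in [("HTTPS_IN", HTTPS_IN), ("SSH_IN", SSH_IN), ("WEB_OUT", WEB_OUT), ("DNS_OUT", DNS_OUT)]:
        print(name, filter_packet(RULES, pkt))
```

Note that outbound UDP (DNS_OUT) is denied not by any written rule but by the default-deny fallthrough; a rule set that is small and ordered deliberately is what the slides' "clear set of rules" goal refers to.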
8
Firewalls: Circuit-Level Gateway
• Establishes connections between users on the outside and users on the inside.
• No direct end-to-end links; TCP connections are redirected through the gateway.
• Does not provide network-layer services.
9
Firewalls
• Multilevel Firewalls
– Based on the fact that an intruder can be repelled by multiple layers of defense, or at least slowed down.
10
Firewalls: Application-Level Gateway
• Establishes connections at the application level.
• Stricter security than packet filtering.
• Proxy servers are functionally similar.
• Proxy servers also act as cache servers to enhance performance.
11
Security Audit
• Security audits feature:
– Top-down interviews
– Identification of deviations from existing policies.
– Analysis using a proven security practices methodology (SPM).
• Many companies outsource audits.
– Based on costs
– Based on skills
12
Security Levels
• Security of the Organization
– Select the right solution
– Intrusion detection
• Security of the Client
– Protection at the browser
– Protection through virtual private network
• Security of the Third Party
– Distributed Denial of Service attacks (DDoS)
– Filtering outbound traffic
13
Security Levels - Clients
• Connections to the Internet are not anonymous.
– Privacy issues
• Transactions may leave residual information.
– Caching
– Cookies
– Logs
15
Directory Services
• Definition
– A network service that identifies all resources on a network and makes them accessible to users and applications.
• Standards
– X.500 is an ISO and ITU standard that defines how global directories should be structured. X.500 directories are hierarchical.
– LDAP was conceived as a way to simplify access to a directory service modeled on the X.500 standards. LDAP has emerged as the solution needed to make global directory services a reality.
16
Directory Services
• Current products
– A number are based on the Lightweight Directory Access Protocol (LDAP):
– CP: Injoin Directory Server v3.X
– NETSCAPE: iPlanet Directory Server 4.11
– NOVELL: NDS eDirectory Version 8.X
– ORACLE: Oracle Internet Directory 2.X
– Microsoft Active Directory Service
17
Directory Services
• Single Sign-On
– A user needs only one user ID and password, which eliminates the security headaches and vulnerabilities associated with multiple IDs/passwords.
– Frees security administrators from the mundane task of assigning passwords.
– Single Sign-On should work across all platforms, databases, and applications, and include out-of-the-box support for third-party technologies such as authentication, PKI, and smart cards.