Uploaded by francine-anderson
Chapter 10
Security On The Internet
Agenda
• Security
• Cryptography
• Privacy on Internet
• Virus & Worm
• Client-based Security
• Server-based Security
Security
• Security and trust requirements
• Threats on the Internet
• Sources of the threats
• Security policy
Security and Trust Requirements
• Confidentiality
• Integrity
• Availability
• Legitimate use
• Non-repudiation
Threats on the Internet
• Loss of data integrity
• Loss of data privacy
• Loss of service
• Loss of control
Sources of the Threats
• Hackers
• Cyber terrorists
• Employee error
• Missing procedures
• Wrongly configured software
Hackers
• Monitoring the communication
  – Private information & password
• Steal hardware & software
  – Smart card or database
• Intercept the output of a monitor screen
• Overloading the service
• Trojan horses – virus
• Masquerading (IP address spoofing)
• Dustbin
Hackers
• Bribe employee
• Information of internal network or internal DNS structure
• Social Engineering
  – Exploiting habits of employee
  – Pretending to be an employee
  – Organization chart
  – Phone book
  – Information gathering and social pressure
Hackers
• Countermeasures
  – Firewall
  – Two-factor authentication (know and have)
  – Audit log file
  – Digital certificate (user or server)
  – Message encryption
Cyber Terrorists
• Definition
  – Use computer resources to intimidate others
• Methods
  – Virus attack
  – Alteration of information
  – Cutting off Communication
  – Killing from a Distance
  – Spreading misinformation
Cyber Terrorists
• Countermeasures
  – Commission of Critical Infrastructure Protection
  – Disconnect mission critical systems from public network
  – Firewall to monitor communication
  – The eternity service concept (duplication and encryption)
Security Policy
• List of resources needed to be protected
• Catalogue the threats for every resource
• A risk analysis (cost and benefit)
• Centralized authorization
  – Physical access control (policy & procedure)
  – Logical access control (policy & procedure)
• Test, review and update
Cryptography
• Secret key
• Public key
• Steganography
• Applications
Secret Key
• Symmetric cryptography
• A single key for encryption and decryption
• Use different medium for key and message
• Fast encryption and decryption
• Types
  – Stream ciphers: bit level
  – Block ciphers: pre-defined length into a block
Public Key
• Asymmetric key cryptography
• RSA algorithm: two distinct keys (private and public) for every user
• Public key decrypts messages encrypted with private key
• Long time to encrypt and decrypt message
• RSA to encrypt the symmetric key which encrypted the message
Public Key
• Usages
  – Communication between web server and web browsers to create a session key
  – E-mail uses different public key for different recipients
Steganography
• Hide information in the ordinary noise and digital systems of sounds and images
• Low quality of free software
• Higher quality for commercial software
• Law requirements for encryption and decryption
Applications
• Enforce privacy
  – Storing the hash value of password
• Encrypting e-mail
  – Pretty Good Privacy (PGP): unbreakable
  – Secure Multipurpose Internet Mail Extensions (S/MIME): easy to set up with less security
  – Separate the use of strong symmetric encryption algorithms and e-mail software
  – WinZip: for e-mail read by multiple persons and password over the phone
Applications
• Digital Signatures
  – Digital hash or digital code for each message
  – Encrypt the digital code with private key
  – Decrypt the digital code with public key
  – Digital time stamp (time and date) encrypted with private key by third party
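The first three digital-signature steps above, as an added example that is not part of the original slides. It uses textbook RSA without padding on constructed toy primes; real signature schemes add a padding scheme such as RSA-PSS, and the function names, key parameters and sample message are assumptions.

```python
import hashlib
from math import gcd

# Constructed toy parameters: two known Mersenne primes. Their special form
# makes them unsuitable for real keys; they are used so the block runs offline.
P = 2**127 - 1
Q = 2**521 - 1
E = 65537


def make_keypair():
    """Return ((n, e), (n, d)): the public and the private RSA key."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    assert gcd(E, phi) == 1
    d = pow(E, -1, phi)  # private exponent (modular inverse, Python 3.8+)
    return (n, E), (n, d)


def digest_int(message: bytes) -> int:
    """Slide step 1: digital hash (SHA-256) of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Slide step 2: 'encrypt' the digest with the private key."""
    n, d = private_key
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Slide step 3: 'decrypt' the signature with the public key and compare
    the result with a freshly computed digest of the received message."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message)


PUBLIC, PRIVATE = make_keypair()
ORDER = b"Pay 100 EUR to account 12345"  # constructed sample message
SIGNATURE = sign(ORDER, PRIVATE)

if __name__ == "__main__":
    altered = b"Pay 900 EUR to account 12345"
    print("original verifies:", verify(ORDER, SIGNATURE, PUBLIC))
    print("altered verifies: ", verify(altered, SIGNATURE, PUBLIC))
    print("changed signature:", verify(ORDER, SIGNATURE + 1, PUBLIC))
```

Only the digest is signed, so any change to the message or to the signature makes the comparison in `verify` fail.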
Privacy on Internet
• Footprints on the Net
• TRUSTe
• The platform for privacy preferences
• Anonymity
Footprints on the Net
• Request a web site
  – The name of the browser
  – The operating systems
  – Preferred language
  – The last visited web site
  – IP address and domain name
  – The client location
  – The screen resolution and number of colors
Footprints on the Net
• Cookies
  – The password to open a site
  – A user name
  – An e-mail address
  – Purchasing information
TRUSTe
• An independent, non-profit privacy organization that issues an online seal called “trustmark”
• To certify that an online business is trustworthy and safe, and to allow its privacy practice to be checked by a third party
• Hard for the end user to understand the privacy information
The Platform for Privacy Preferences
• Platform for Privacy Preferences Project (P3P) by W3C
• Defines a way for a web site to inform the users of its privacy practice before the first page
Anonymity
• Anonymous remailers to replace the header of original e-mail with remailer’s
• Anonymizer
Virus
• Types of viruses
• Virus damage
• Virus strategy
Types of viruses
• Boot sector virus
• Executable virus
• Macro virus
• Hoax viruses and chain letters
Virus Damage
• Annoying
• Harmless
• Harmful
• Destructive
Virus Strategy
• Firewall
• Anti-virus program
  – Scanner
  – Shield
  – Cleaner
• Backup strategy
• Education of employee with a frequently asked questions (FAQ) page
Client-based Security
• Digital certificates
• Smart card
• Biometric identification
Digital Certificates
• Personal information (name and address) file encrypted and password-protected with public key and certification authority (name and validity period)
• Types
  – Browser and server: SSL encryption
  – Customer and merchant: SET encryption
  – Two e-mail partners: S/MIME
Smart Cards
• Uses electrically erasable programmable read-only memory (EEPROM)
• Types
  – Contact cards
  – Contactless cards
  – Combi cards
• Information Access
  – Read only
  – Add only
  – Modify or delete
  – Execution only
Biometric Identification
• Physical characteristics or behavioral traits
• Issues
  – Acceptance
  – Accuracy
  – Cost
  – Privacy
Server-based Security
• Isolation of web server
• Application Proxies
• Multi-layered firewall
• A trusted operating system (TOS)
• Backup
• Least privilege
• Balance of power
• A good audit system
Trusted Operating Systems
• Types
  – Virtual Vault by Hewlett Packard
  – Trusted Solaris by Sun
• Features
  – Firewall
  – Intranet
  – Internet
  – Distributed system: data and program
  – Least privilege
  – Peak usage management
  – Multi level security
  – Audit system
Audit System
• Adaptable
• Automated
• Configurable
• Dynamic
• Flexible
• Manageable
• System-wide
Points to Remember
• Security
• Cryptography
• Privacy on Internet
• Virus & Worm
• Client-based Security
• Server-based Security