Internet Security
BIT-301 Internet Methodologies
By: Inderjeet Singh
BIT-301, IM Internet Security 1
Introduction
• Internet security is a branch of computer security specifically related to the Internet, often involving browser security but also network security on a more general level as it applies to other applications or operating systems as a whole.
• Its objective is to establish rules and measures to use against attacks over the Internet.
• The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing.
Need of Internet Security
• Identity Theft
• Non-repudiation
• establish rules and measures to use against attacks over the Internet.
• high risk of intrusion or fraud, such as phishing.
What are Search Engines?
• Designed to assist you in searching through the enormous amount of information on the Web
• No single search tool has everything
• Each engine is a large database which utilizes different search techniques and tools (spiders or robots) to build indexes to the Internet (some also utilize submissions and administration)
Which Search Engine?
• Yahoo
• Altavista
• Excite
• Google
• NorthernLights
• Hotbot
• Infoseek
How to Choose
Consider
• Size of the database (# of URLs)
• Currency of the database (updates)
• Search interface
• Help screens
• Search features
• Results listed (# of documents retrieved)
• Relevance of results
More About Search Engines
• Searches for matching terms (keywords or several keywords)
• Results “ranked” by relevancy (for some)
• Can search by
– subject or category
– keyword
• Learn about each search engine’s description, options, and rules and restrictions
GO TO
http://www.google.com/help.html
• Searches for exact matches
• Try different versions of your search term
– Example: “Boston hotel” vs. “Boston hotels”
• Rephrase query
– Example: “cheap plane tickets” vs. “cheap airplane tickets”
• Automatically places “and” between words (expands search)
• To reduce search –
– add more terms in original search
– refine search within the current search results. (adding terms to first words will return a subset of the original query)
• Exclude a word by using a - sign
– Example: to search bass but not speaker: bass -speaker
• Does not support “or” operator
• Does not support “stemming” or “wildcard” searches
• Not case sensitive
• Explicit Phrase
– Example Search: "inbound marketing"
• Exclude Words
– Example Search: inbound marketing -advertising
• Site-Specific Search
– Example Search: "inbound marketing" site:www.smallbusinesshub.com
• Similar Words/Synonyms
– Example Search: "inbound marketing" ~professional
• Specific Document Types
– Example Search: "inbound marketing" filetype:ppt
• This OR That
– Example Search: inbound marketing OR advertising
• Phone Listing
– Example Search: phonebook:617-555-1212
• Numeric Ranges
– Example Search: president 1940..1950
• Word Definition
– Search Example: define:plethora
• Stock (Ticker) Symbol
– Search Example: define:plethora
• Calculator
– Search Example: 48512 * 1.02
• Finds street maps
– Just enter a U.S. street address, including zip code or city/state into the search box
– Google recognizes query as a map request
Try your address
Phrase Searches and Connectors
• Phrase Searches are useful when searching for famous sayings or specific names “Gone with the Wind”
• Phrase Connectors are recognized
– Hyphens
– Slashes
– Periods
– Equal signs
– Apostrophes
• Example: mother-in-law
Stop Words
• Stop words are ignored
• These rarely help narrow and slow down search
– http
– com
– certain single digits
– certain single letters
• to include stop words use [space]+
• Example
– Star Wars, Episode 1: Star wars episode +1
– OS/2: OS/ +2
*** don’t forget the space before the + - signs
How to Interpret Results
See Handout
Approaches to Searching
• Basic Search
• Power Search
• Industry Search
• Investext Search
• News
EDUC 478 Davina Pruitt-Mentle 18
“Meta” Search Tools
• Multi-threaded search engines
• Allows access to multiple databases simultaneously or via a single interface
• (-) Do not offer the same level of control over search interface and logic as individual engines
• (+) Fast
• (+) Improvements
– Results sorted by site used for search, or location of Website
– Able to select search engines to include
– ability to modify results
Popular Meta-Search Engines
• Dogpile
• Metacrawler
• Profusion
• SavvySearch
Subject-Specific Search Engines
• Do not index entire web
• Focus within specific Websites/pages within defined subject area, geographical area, type of resource
• Specialized search - depth rather than breadth
Selected Subject-Specific Engines
Companies
• Companies Online (http://www.companiesonline.com/)
• Hoover's Online (http://www.hoovers.com/)
• Wall Street Research Net (http://www.wsrn.com/)
People (E-mail and Phone)
• Bigfoot (http://bigfoot.com/)
• WhoWhere? (http://www.whowhere.lycos.com)
• Yahoo! People Search (http://people.yahoo.com/)
• Switchboard.Com (http://www.switchboard.com)
Selected Subject-Specific Engines
Images
• The Amazing Picture Machine (http://www.ncrtec.org/picture.htm)
• Lycos Image Gallery (http://www.lycos.com/picturethis/)
• WebSeek (http://disney.ctr.columbia.edu/webseek/)
• Yahoo! Image Surfer (http://ipix.yahoo.com/)
Selected Subject-Specific Engines
Jobs
• Hotjobs.com (http://www.hotjobs.com/)
• Monster.com (http://www.monster.com/)
• The Riley Guide (http://www.rileyguide.com/)
Games
• CNET Gamecenter.com (http://www.gamecenter.com/)
• Games Domain (http://www.gamesdomain.com/)
• Gamesmania (http://www.gamesmania.com/)
• GameSpot (http://www.gamespot.com/)
Selected Subject-Specific Engines
Software
• Jumbo (http://www.jumbo.com)
• Shareware.com (http://www.shareware.com)
• ZDNet Downloads (http://www.zdnet.com/downloads/)
Health/Medicine
• Achoo (http://www.achoo.com/)
• BioMedNet (http://www.bmn.com/)
• Combined Health Information Database (http://chid.nih.gov/)
• Mayo Clinic Health Oasis (http://www.mayohealth.org/)
• Medical World Search (http://www.mwsearch.com/)
• OnHealth (http://www.onhealth.com)
Selected Subject-Specific Engines
Education/Children's Sites
• AOL NetFind Kids Only (http://www.aol.com/netfind/kids/)
• Blue Web'n (http://www.kn.pacbell.com/wired/bluewebn/)
• Education World (http://www.education-world.com/)
• Kid Info (http://www.kidinfo.com/)
• Kids Domain (http://www.kidsdomain.com)
• KidsClick! (http://sunsite.berkeley.edu/KidsClick!/)
• Yahooligans! (http://www.yahooligans.com)
Subject Directories
• Hierarchically organized indexes of subject categories
• User can browse through lists of Websites by subject in search of relevant information
• Maintained by humans
• May include a search engine for searching their own database
Examples of Subject Directories
• INFOMINE (Academic Scholarly Subject Directory - http://infomine.ucr.edu/)
• LookSmart
• Lycos
• Magellan (http://www.magellan.excite.com/)
• Open Directory (http://www.dmoz.org/)
• Yahoo
Many of these have aspects of both search and directory
Cryptography
Summary
• Symmetric Encryption
• Public Encryption
• Digital Signature
• Key Distribution
Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing key
• cryptology - the field of both cryptography and cryptanalysis
The language of cryptography
symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key secret (private)
[Figure: plaintext → encryption algorithm (Alice’s encryption key $K_A$) → ciphertext → decryption algorithm (Bob’s decryption key $K_B$) → plaintext]
Symmetric Encryption
• or conventional / secret-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was only type prior to invention of public-key in 1970’s
Symmetric Cipher Model
Symmetric Key Cryptography
symmetric key crypto: Bob and Alice share (know) the same (symmetric) key: $K_{A-B}$
• e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
[Figure: plaintext message, m → encryption algorithm (key $K_{A-B}$) → ciphertext $K_{A-B}(m)$ → decryption algorithm (key $K_{A-B}$) → plaintext $m = K_{A-B}(K_{A-B}(m))$]
Requirements
• two requirements for secure use of symmetric encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver
$Y = E_K(X)$
$X = D_K(Y)$
• assume encryption algorithm is known
• implies a secure channel to distribute key
Cryptography
• can characterize by:
– type of encryption operations used
  • substitution / transposition / product
– number of keys used
  • single-key or private / two-key or public
– way in which plaintext is processed
  • block / stream
Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
Private-Key Cryptography
• traditional private/secret/single key cryptography uses one key
• shared by both sender and receiver
• if this key is disclosed communications are compromised
• also is symmetric, parties are equal
• hence does not protect sender from receiver forging a message & claiming is sent by sender
Public-Key Cryptography
• probably most significant advance in the 3000 year history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number theoretic concepts to function
• complements rather than replaces private key crypto
Public-Key Cryptography
• public-key/two-key/asymmetric cryptography involves the use of two keys:
– a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
– a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• is asymmetric because
– those who encrypt messages or verify signatures cannot decrypt messages or create signatures
Public-Key Cryptography
Public-Key Characteristics
• Public-Key algorithms rely on two keys with the characteristics that it is:
– computationally infeasible to find decryption key knowing only algorithm & encryption key
– computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known
– either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)
Public-Key Cryptosystems
Public-Key Applications
• can classify uses into 3 categories:
– encryption/decryption (provide secrecy)
– digital signatures (provide authentication)
– key exchange (of session keys)
• some algorithms are suitable for all uses, others are specific to one
Security of Public Key Schemes
• like private key schemes brute force exhaustive search attack is always theoretically possible
• but keys used are too large (>512 bits)
• security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalysis) problems
• more generally the hard problem is known, it's just made too hard to do in practice
• requires the use of very large numbers
• hence is slow compared to secret key schemes
Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
Digital Signatures
Cryptographic technique analogous to hand-written signatures.
• sender (Bob) digitally signs document, establishing he is document owner/creator.
• verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
Digital Signatures
Simple digital signature for message m:
• Bob signs m by encrypting with his private key $K_B^-$, creating “signed” message, $K_B^-(m)$
[Figure: Bob’s message, m (“Dear Alice, Oh, how I have missed you. I think of you all the time! … (blah blah blah) Bob”) → public key encryption algorithm, keyed with Bob’s private key $K_B^-$ → Bob’s message, m, signed (encrypted) with his private key: $K_B^-(m)$]
Digital Signatures (more)
• Suppose Alice receives msg m, digital signature $K_B^-(m)$
• Alice verifies m signed by Bob by applying Bob’s public key $K_B^+$ to $K_B^-(m)$ then checks $K_B^+(K_B^-(m)) = m$.
• If $K_B^+(K_B^-(m)) = m$, whoever signed m must have used Bob’s private key.
Alice thus verifies that:
• Bob signed m.
• No one else signed m.
• Bob signed m and not m’.
Non-repudiation:
• Alice can take m, and signature $K_B^-(m)$ to court and prove that Bob signed m.
Bob sends digitally signed message:
[Figure: large message m → H: Hash function → H(m) → digital signature (encrypt) with Bob’s private key $K_B^-$ → encrypted msg digest $K_B^-(H(m))$, sent together with (+) the large message m]
Alice verifies signature and integrity of digitally signed message:
[Figure: large message m → H: Hash function → H(m); encrypted msg digest $K_B^-(H(m))$ → digital signature (decrypt) with Bob’s public key $K_B^+$ → H(m); the two H(m) values are compared: equal?]
Digital signature = signed message digest
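The signed-digest flow from the Digital Signatures slides, as an added example that is not part of the original slides. It assumes textbook RSA without padding as the public-key algorithm and SHA-256 as H; the key values, the sample message and the function names are constructed for illustration, and the keys are far too small for real use.

```python
import hashlib

# Constructed toy keys built from known Mersenne primes (illustration only).
BOB_N = (2**61 - 1) * (2**89 - 1)
BOB_E = 65537                                        # (BOB_N, BOB_E) is K_B^+
BOB_D = pow(BOB_E, -1, (2**61 - 2) * (2**89 - 2))    # (BOB_N, BOB_D) is K_B^-

# A second, unrelated key pair standing in for Trudy.
TRUDY_N = (2**107 - 1) * (2**127 - 1)
TRUDY_D = pow(65537, -1, (2**107 - 2) * (2**127 - 2))

# Constructed sample message m.
MESSAGE = b"Dear Alice, I think of you all the time. Bob"


def digest(message: bytes, n: int) -> int:
    """H(m): SHA-256, reduced modulo n so that it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, d: int, n: int) -> int:
    """K^-(H(m)): apply the private exponent to the message digest."""
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, e: int, n: int) -> bool:
    """Apply the public exponent to the signature and compare with H(m)."""
    return pow(signature, e, n) == digest(message, n)


def demo() -> dict:
    signature = sign(MESSAGE, BOB_D, BOB_N)          # Bob signs H(m)
    forged = sign(MESSAGE, TRUDY_D, TRUDY_N)         # Trudy signs with her own key
    return {
        # Alice recomputes H(m) and checks it against K_B^+(signature).
        "genuine": verify(MESSAGE, signature, BOB_E, BOB_N),
        # m' differs from m, so H(m') no longer matches the signed digest.
        "altered_message": verify(MESSAGE + b"!", signature, BOB_E, BOB_N),
        # A signature made without Bob's private key fails under K_B^+.
        "wrong_signer": verify(MESSAGE, forged, BOB_E, BOB_N),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Deployed signature schemes add a padding step (for example RSA-PSS) before the private-key operation; the unpadded form here only mirrors the slide's notation.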
Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
Key Distribution
• symmetric schemes require both parties to share a common secret key
• issue is how to securely distribute this key
• often secure system failure due to a break in the key distribution scheme
Key Distribution
• given parties A and B have various key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use previous key to encrypt a new key
4. if A & B have secure communications with a third party C, C can relay key between A & B
Trusted Intermediaries
Symmetric key problem:
• How do two entities establish shared secret key over network?
Solution:
• trusted key distribution center (KDC) acting as intermediary between entities
Public key problem:
• When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?
Solution:
• trusted certification authority (CA)
Key Distribution Center (KDC)
• Alice, Bob need shared symmetric key.
• KDC: server shares different secret key with each registered user (many users)
• Alice, Bob know own symmetric keys, KA-KDC, KB-KDC, for communicating with KDC.
[Figure: the KDC holding one key per registered user: KA-KDC, KB-KDC, KP-KDC, KX-KDC, KY-KDC, KZ-KDC]
Key Distribution Center (KDC)
Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other?
[Figure: message flow between Alice, the KDC and Bob]
1. Alice → KDC: KA-KDC(A,B)
2. KDC generates R1
3. KDC → Alice: KA-KDC(R1, KB-KDC(A,R1))
4. Alice knows R1
5. Alice → Bob: KB-KDC(A,R1)
6. Bob knows to use R1 to communicate with Alice
Alice and Bob communicate: using R1 as session key for shared symmetric encryption
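The exchange on this slide, run end to end as an added example (not part of the original slides). The `seal`/`unseal` helpers are a toy authenticated cipher built from HMAC-SHA256 so the code runs on the standard library alone; they stand in for a real cipher, and the class and function names are assumptions of this example.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (toy construction).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """K(obj): encrypt-then-MAC under one shared key (toy stand-in)."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or modified message")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))
    return json.loads(pt)

class KDC:
    def __init__(self):
        self.keys = {}                            # user -> K_user-KDC

    def register(self, user):
        self.keys[user] = secrets.token_bytes(32)
        return self.keys[user]

    def session_request(self, sender, blob):
        a, b = unseal(self.keys[sender], blob)    # KA-KDC(A,B)
        if a != sender or b not in self.keys:
            raise ValueError("bad request")
        r1 = secrets.token_hex(16)                # KDC generates R1
        ticket = seal(self.keys[b], [a, r1])      # KB-KDC(A,R1)
        return seal(self.keys[a], [r1, ticket])   # KA-KDC(R1, KB-KDC(A,R1))

def run_exchange():
    kdc = KDC()
    ka, kb, kt = (kdc.register(u) for u in ("Alice", "Bob", "Trudy"))
    reply = kdc.session_request("Alice", seal(ka, ["Alice", "Bob"]))
    r1_alice, ticket = unseal(ka, reply)          # Alice knows R1
    peer, r1_bob = unseal(kb, ticket)             # Bob learns R1 and the peer name
    try:
        unseal(kt, ticket)                        # Trudy holds only KT-KDC
        trudy_reads = True
    except ValueError:
        trudy_reads = False
    return peer, r1_alice == r1_bob, trudy_reads
```

Alice forwards the ticket without being able to read or alter it, because only Bob and the KDC hold KB-KDC.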
Key Management (public)
• public-key encryption helps address key distribution problems
• have two aspects of this:
– distribution of public keys
– use of public-key encryption to distribute secret keys
Distribution of Public Keys
• can be considered as using one of:
– Public announcement
– Publicly available directory
– Public-key authority
– Public-key certificates
Public Announcement
• users distribute public keys to recipients or broadcast to community at large
– eg. append PGP keys to email messages or post to news groups or email list
• major weakness is forgery
– anyone can create a key claiming to be someone else and broadcast it
– until forgery is discovered can masquerade as claimed user
Certification Authorities
• Certification authority (CA): binds public key to particular entity, E.
• E (person, router) registers its public key with CA.
– E provides “proof of identity” to CA.
– CA creates certificate binding E to its public key.
– certificate containing E’s public key digitally signed by CA
– CA says “this is E’s public key”
[Figure: Bob’s public key K_B+ and Bob’s identifying information → digital signature (encrypt) with CA private key K_CA- → certificate for Bob’s public key, signed by CA]
Certification Authorities
• When Alice wants Bob’s public key:
– gets Bob’s certificate (Bob or elsewhere).
– apply CA’s public key to Bob’s certificate, get Bob’s public key
[Figure: Bob’s certificate → digital signature (decrypt) with CA public key K_CA+ → Bob’s public key K_B+]
A certificate contains:
• Serial number (unique to issuer)
• info about certificate owner, including algorithm and key value itself (not shown)
• info about certificate issuer
• valid dates
• digital signature by issuer
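How a CA-signed binding is issued and then checked by Alice, as an added example (not part of the original slides). The CA key is a constructed toy: unpadded textbook RSA over two Mersenne primes, chosen only so the arithmetic runs on the standard library; the field names, the issuer name "Example CA" and the key strings are assumptions of this example.

```python
import hashlib, json

# Constructed toy CA key pair: textbook RSA over two Mersenne primes, unpadded.
# Far too weak for real use; it only makes the sign/verify arithmetic visible.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
CA_N = P * Q                               # (CA_N, E) is the CA public key K_CA+
CA_D = pow(E, -1, (P - 1) * (Q - 1))       # CA private key K_CA-

def _digest(fields):
    # Hash a canonical encoding of every certificate field except the signature.
    body = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % CA_N

def issue(serial, subject, subject_key, not_before, not_after):
    """CA side: bind subject to subject_key and sign the binding with K_CA-."""
    fields = {"serial": serial, "issuer": "Example CA", "subject": subject,
              "subject_key": subject_key,
              "not_before": not_before, "not_after": not_after}
    return {**fields, "signature": pow(_digest(fields), CA_D, CA_N)}

def check(cert, expected_subject, today):
    """Alice's side: return (public key or None, reason)."""
    fields = {k: v for k, v in cert.items() if k != "signature"}
    if pow(cert["signature"], E, CA_N) != _digest(fields):
        return None, "bad signature"
    if cert["subject"] != expected_subject:
        return None, "wrong subject"
    # ISO dates (YYYY-MM-DD) compare correctly as strings.
    if not cert["not_before"] <= today <= cert["not_after"]:
        return None, "outside validity period"
    return cert["subject_key"], "ok"

def demo():
    bob = issue(1001, "Bob", "BOB-PUBLIC-KEY", "2024-01-01", "2024-12-31")
    swapped = {**bob, "subject_key": "TRUDY-PUBLIC-KEY"}  # key replaced after signing
    trudy = issue(1002, "Trudy", "TRUDY-PUBLIC-KEY", "2024-01-01", "2024-12-31")
    return [check(bob, "Bob", "2024-06-01"),
            check(swapped, "Bob", "2024-06-01"),
            check(trudy, "Bob", "2024-06-01"),
            check(bob, "Bob", "2025-02-01")]
```

The key is handed back only after the signature, the subject and the validity dates all pass; a valid signature alone says nothing about whose certificate it is or whether it is still current.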
Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
Firewalls
• A choke point of control and monitoring
• Interconnects networks with differing trust
• Imposes restrictions on network services
– only authorized traffic is allowed
• Auditing and controlling access
– can implement alarms for abnormal behavior
• Itself immune to penetration
• Provides perimeter defence
Packet Filter Firewall
• A router with filtering capabilities
• The firewall uses packet-filters (Access Control List - ACLs) to drop or pass traffic
• Stateful inspection
– keep state of every TCP/UDP flow and allow reverse traffic
– traffic from inside “opens” the firewall for incoming traffic dynamically
• Example:
– permit out on eth0 from 77.2.3.0/24 to any proto tcp keep state
– permit inout on eth0 proto icmp
– deny default
The ACK signifies that the packet is part of an ongoing conversation
Packets without the ACK are connection establishment messages, which we are only permitting from internal hosts
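The three-rule example from the packet filter slide, evaluated over constructed packets next to the ACK-bit rule described here, as an added example (not part of the original slides). The dictionary layout, function names and the outside address 198.51.100.7 are assumptions of this example.

```python
from ipaddress import ip_address, ip_network

# The slide's example rule set; rules are tried in order, first match wins.
RULES = [
    {"action": "permit", "dirs": {"out"}, "src": ip_network("77.2.3.0/24"),
     "proto": "tcp", "keep_state": True},
    {"action": "permit", "dirs": {"in", "out"}, "proto": "icmp"},
    {"action": "deny"},  # deny default
]

def flow_key(pkt, reverse=False):
    a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + (b + a if reverse else a + b)

class StatefulFilter:
    def __init__(self, rules):
        self.rules, self.flows = rules, set()

    def check(self, pkt):
        # Reverse traffic of a flow opened from inside bypasses the rule list.
        if pkt["dir"] == "in" and flow_key(pkt, reverse=True) in self.flows:
            return "permit"
        for rule in self.rules:
            if pkt["dir"] not in rule.get("dirs", {"in", "out"}):
                continue
            if rule.get("proto", pkt["proto"]) != pkt["proto"]:
                continue
            if "src" in rule and ip_address(pkt["src"]) not in rule["src"]:
                continue
            if rule["action"] == "permit" and rule.get("keep_state"):
                self.flows.add(flow_key(pkt))
            return rule["action"]
        return "deny"

def ack_bit_filter(pkt):
    """Stateless TCP rule: inbound packets pass only with ACK set."""
    if pkt["dir"] == "out":
        return "permit"
    return "permit" if "ACK" in pkt["flags"] else "deny"

def packet(direction, proto, src, dst, sport=None, dport=None, flags=""):
    return {"dir": direction, "proto": proto, "src": src, "dst": dst,
            "sport": sport, "dport": dport, "flags": flags}

def demo():
    fw = StatefulFilter(RULES)  # all packets below are constructed samples
    syn = packet("out", "tcp", "77.2.3.10", "198.51.100.7", 40000, 443, "SYN")
    synack = packet("in", "tcp", "198.51.100.7", "77.2.3.10", 443, 40000, "SYN,ACK")
    stray = packet("in", "tcp", "198.51.100.7", "77.2.3.10", 443, 40001, "ACK")
    ping = packet("in", "icmp", "198.51.100.7", "77.2.3.10")
    return {"reply_before_syn": fw.check(synack),
            "outbound_syn": fw.check(syn),
            "reply_after_syn": fw.check(synack),
            "stray_ack_stateful": fw.check(stray),
            "stray_ack_stateless": ack_bit_filter(stray),
            "icmp_in": fw.check(ping)}
```

The ACK-bit rule passes any inbound segment that claims to belong to a conversation, while the state table passes only segments matching a flow that an inside host actually opened.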
Security & Performance of Packet Filters
• Tiny fragment attacks
– Split TCP header info over several tiny packets
– Either discard or reassemble before check
• Degradation depends on number of rules applied at any point
• Order rules so that most common traffic is dealt with first
• Correctness is more important than speed
Proxy firewall / Application-level gateway
• Firewall runs set of proxy programs
– Proxies filter incoming, outgoing packets
– All incoming traffic directed to firewall
– All outgoing traffic appears to come from firewall
• Policy embedded in proxy programs
• Two kinds of proxies
– Application-level gateways/proxies
  • Tailored to http, ftp, smtp, etc.
– Circuit-level gateways/proxies
  • Working on TCP level
Demilitarized Zone
• In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet.
• The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network.
• two levels of defence: defence in depth
• If a server is attacked, the intranet is still safe
• Can be combined with application proxies
Application-Level Filtering
• Has full access to protocol
– user requests service from proxy
– proxy validates request as legal
– then actions request and returns result to user
• Need separate proxies for each service
– E.g., SMTP (E-Mail)
– NNTP (Net news)
– DNS (Domain Name System)
– NTP (Network Time Protocol)
– custom services generally not supported
App-level Firewall Architecture
Daemon spawns proxy when communication detected
[Figure: network connection feeding the Telnet, FTP and SMTP daemons, each spawning its own proxy (Telnet proxy, FTP proxy, SMTP proxy)]
Bastion Host
• A bastion host is a computer that is fully exposed to attack. The system is on the public side of the demilitarized zone (DMZ), unprotected by a firewall or filtering router.
• Frequently the roles of these systems are critical to the network security system.
Where to Deploy App-level Firewall
Bastion Host: highly secure host system
• Potentially exposed to "hostile" elements
• Hence is secured to withstand this
– Disable all non-required services; keep it simple
• Runs circuit / application level gateways
– Install/modify services you want
• Or provides externally accessible services
Screened Host Architecture
• The screened host firewall combines a packet-filtering router with an application gateway located on the protected subnet side of the router.
• The application gateway needs only one network interface. The application gateway's proxy services would pass TELNET, FTP, and other services for which proxies exist, to site systems. The router filters or screens inherently dangerous protocols from reaching the application gateway and site systems.
• It rejects (or accepts) application traffic according to the following rules:
– application traffic from Internet sites to the application gateway gets routed,
– all other traffic from Internet sites gets rejected, and
– the router rejects any application traffic originating from the inside unless it came from the application gateway
Screened Subnet using Two Routers
• The outer router restricts Internet access to specific systems on the screened subnet, and blocks all other traffic to the Internet originating from systems that should not be originating connections (such as the modem pool, the information server, and site systems).
• The inner router passes traffic to and from systems on the screened subnet according to the following rules:
– application traffic from the application gateway to site systems gets routed,
– e-mail traffic from the e-mail server to site systems gets routed,
– application traffic to the application gateway from site systems gets routed,
– e-mail traffic from site systems to the e-mail server gets routed,
– ftp, gopher, etc., traffic from site systems to the information server gets routed,
– all other traffic gets rejected.
Firewall Design Criteria
• There is no absolute security
– It is always a question of economics
• Defense in depth
– place several firewalls after each other
• Weakest link
– The strength of your security system is bounded by the weakness of your weakest link
• Least privilege
– Give the smallest amount of privilege possible
• Fail safe
– Even if everything is going wrong, the security system should not leave any security hole in the system.
• Keep it simple!