Welingkar’s Distance Learning Division
Electronic Security
We Learn – A Continuous Learning Forum
Classification of Intruders
Intruders type
• Hackers
• Freakers
• Crackers
Victimised Firms
• Banks
• Financial companies
• Insurance companies
• Brokerage houses
• Consultants
• Network Service Providers
• Textile Business
• Wholesale/Retail traders
• Government contractors
• Government agencies
• Hospitals
• Medical laboratories
• Utility companies
• Universities
Attacking Methods
• Gaining access to user’s account
• Gaining privileged access
• Using the victim’s system as a platform for attacks on other sites
• Duration of the accomplishment:
  • Manually in less than 45 seconds
  • With automation, the time is still less
• By the attack varies:
  • A minor loss of time in recovering from the problem
  • A decrease in productivity
  • A significant loss of credibility or market opportunity
  • A business no longer able to compete
  • Legal liability and
  • Loss of life
Three basic security concepts
• Confidentiality
• Integrity and
• Availability
Concepts relating to the people who use the information are :
• Authentication
• Authorisation
• Non-repudiation
Classification of Incidents
• Probe
• Scan
• Account compromise
• Packet sniffer
• Denial of service
• Exploitation of trust
• Root compromise
• Destruction or Alteration of configuration information
• Malicious code
• Internet infrastructure attack
Relationship between SSL & ISO Reference Model
[Figure: Relationship between SSL & ISO Reference Model. Diagram labels: ISO Reference Model layers (Physical Layer, Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer); User Application; SSL Protocol (SSL Handshake Protocol, SSL Record Protocol); Plain Data Stream; Encrypted Data Packets; Data Network; Distributed Data Sources; Physical connection to network hardware; Network Independent messages.]
Ten Practical Tips to Secure E-Commerce - 1
• Use latest version of the browser
• Install SSL
• Ensure ISP has a security system
• Look for signs of trust
• Shop with familiar companies
• Look for easy to find security information & a privacy statement
Ten Practical Tips to Secure E-Commerce - 2
• Pay by credit card
• Keep a record
• Look for information about ‘cookies’ and
• Find out what information the site collects about you
Security Tools - 1
• Secure transport stacks
• Kerberos
• Secure transactions over the Internet
• UNIX Security
• Password Security Systems
Security Tools - 2
• Electronic Mail: SMTP, PEM, PGP
• Server security
• Trusting Binaries
Kerberos Authentication Process - 1
Credentials
• A ticket for the server
• A temporary encryption key
• The session key
Kerberos - 2
Limitations
• Vulnerability of passwords
• Need for synchronised clocks
• Weak assurances against repudiation
UNIX Security
• User passwords
• File access
• Directory access
• File encryption and
• Security on password files
Biometrics
• Fingerprints
• Signature Dynamics
• Voice verification
• Keystroke Dynamics
• Facial Features
E-MAIL Advantages
• Send message in no time anywhere in the world
• For getting on & staying on the Internet
• Can be handled by a variety of programs
• Easy and inexpensive
• Increasingly used for both internal & external corporates
• E-mail to fax & fax to e-mail is possible