1. January 2011

As a precaution, re-check the exam time in early January. Various rooms are used; your room will be on your personal timetable, available via myUWE.

Exam format:
- Section A: 1 compulsory question worth 40 marks. This is the browser security question.
- Section B: answer 3 questions from 5, 20 marks each.

2. Question Format

With the exception of the browser security question, all questions are in 2 or 3 parts.
- Approximately 40% of the marks for the question (i.e. part 1) ask you to demonstrate underpinning knowledge: "what?" type questions.
- The second part (60%) asks you to evaluate the underpinning knowledge and/or to apply the knowledge to solve a problem: "why?" / "what if?" type questions.

3. Section A: Browser Security

Web browsers can be the hacker's window into your computer. With reference to TWO of the following browsers:
- Microsoft Internet Explorer v7
- Mozilla Firefox v3.5
- Google Chrome v4
- Apple Safari v4

Discuss the range of vulnerabilities that the browsers are subject to and the steps that the vendors have taken to address these vulnerabilities. Your discussion should include a consideration of the treatment of the threat posed by mobile code and plug-ins. Draw a conclusion about which, if either, of your chosen browsers is the more secure.

Marks will be awarded for:
- The depth and coherence of your discussion
- The use of evidence to support your assertions
- Reference to professional and academic literature

Note that you are not expected to use full Harvard referencing, but you are expected to give sufficient detail that your reference could be verified.

40 marks

4. Revision Sources
- Lecture slides
- Tutorial/lab worksheets
- Your notes
- Text book
- On-line resources as indicated during the module

5. Threats, Countermeasures and Over-arching Security Aims
- Types of attack
  – Insider/outsider
- Threats
  – Possible countermeasures
- Aims of security services
  – Authentication
  – Access control
  – Confidentiality
  – Data integrity
  – Non-repudiation
  – Availability
- Underpinned by mechanisms

6. Encryption and Message Confidentiality
- Symmetric encryption (aka secret-key / single-key / conventional)
  – Same key for both encryption and decryption
  – Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm
- Feistel cipher structure
- DES (Data Encryption Standard) + others
  – Strengths/weaknesses (key distribution)
  – Operations used
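The Feistel structure named on this slide is easiest to revise from a working toy. The block below is an added illustration, not part of the original slides or of DES: it builds a 16-byte Feistel cipher from the operations the structure uses (split into halves, a keyed round function F, XOR, swap) and shows the property that makes Feistel ciphers attractive, namely that decryption is the same routine run with the subkeys in reverse order, so one key serves both directions. The round function (SHA-256 truncated to the half-block) and the key schedule are assumptions chosen for readability, not DES's S-boxes or permutations.

```python
import hashlib

BLOCK = 16        # block size in bytes; each half is 8 bytes
HALF = BLOCK // 2


def round_function(half: bytes, subkey: bytes) -> bytes:
    """Toy F: a keyed hash of the right half, truncated to half-block width.
    (Assumption for illustration; DES uses expansion, S-boxes and a permutation.)"""
    return hashlib.sha256(subkey + half).digest()[:HALF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_schedule(key: bytes, rounds: int) -> list:
    """Derive one subkey per round from the single secret key (toy schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:HALF] for i in range(rounds)]


def feistel(block: bytes, subkeys: list) -> bytes:
    """Generic Feistel network: L_{i+1} = R_i, R_{i+1} = L_i XOR F(R_i, K_i).
    The final swap is undone so the same function inverts itself with reversed keys."""
    if len(block) != BLOCK:
        raise ValueError("toy cipher works on exactly one 16-byte block")
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, xor(left, round_function(right, k))
    return right + left


def encrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return feistel(block, key_schedule(key, rounds))


def decrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    # Same structure, same key: only the subkey order is reversed.
    return feistel(block, list(reversed(key_schedule(key, rounds))))


if __name__ == "__main__":
    key = b"revision-key-16b"                 # constructed sample key
    plaintext = b"exam in January!"            # constructed 16-byte sample block
    ct = encrypt_block(plaintext, key)
    print("ciphertext:", ct.hex())
    print("round trip ok:", decrypt_block(ct, key) == plaintext)
    # With a single round the right half of the output is the original right half
    # in clear, which is why real Feistel ciphers (DES: 16 rounds) iterate.
    print("1-round leak:", encrypt_block(plaintext, key, rounds=1)[HALF:] == plaintext[HALF:])
```

Note that the one-round case shows why "operations used" and "number of rounds" belong together in an answer: F never needs to be invertible, but the security comes from repeating the mixing many times. The toy also covers only a single block; confidentiality of longer messages depends on the mode of operation, which this slide does not cover.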

7. Authentication and Public-Key Cryptography
- Authentication
  – Message authentication code
  – Encrypted message part
  – Hash functions, with/without encryption
- Public-key encryption
  – Useful for?
  – Weaknesses?
- X.509 certificates
- Key management
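The "hash functions with/without encryption" point on this slide is the one students most often get backwards, so here is an added example (not from the slides) contrasting the two. A bare hash sent with a message gives integrity against accidental corruption only: anyone who changes the message can recompute the hash. A message authentication code keyed with a shared secret (HMAC-SHA256 here, via Python's standard library) cannot be recomputed without that key, so tampering is detected. The key and messages are constructed sample values.

```python
import hashlib
import hmac


def plain_digest(message: bytes) -> bytes:
    """Unkeyed hash: detects accidental corruption, not deliberate change."""
    return hashlib.sha256(message).digest()


def verify_plain_digest(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), tag)


def mac(key: bytes, message: bytes) -> bytes:
    """Keyed MAC (HMAC-SHA256): only holders of the shared key can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking where the comparison failed via timing.
    return hmac.compare_digest(mac(key, message), tag)


def tamper_demo(key: bytes, original: bytes, tampered: bytes) -> dict:
    """Simulate a man-in-the-middle who rewrites the message in transit and
    tries to make the accompanying integrity value match again."""
    # Unkeyed hash: the attacker simply recomputes it for the new message.
    forged_hash = plain_digest(tampered)
    # Keyed MAC: the attacker lacks the key, so the best it can do is reuse the
    # old tag or compute one under a guessed key.
    old_tag = mac(key, original)
    guessed_tag = mac(b"wrong-key", tampered)
    return {
        "plain_hash_fooled": verify_plain_digest(tampered, forged_hash),
        "mac_reused_tag": verify_mac(key, tampered, old_tag),
        "mac_guessed_key": verify_mac(key, tampered, guessed_tag),
        "mac_genuine": verify_mac(key, original, old_tag),
    }


if __name__ == "__main__":
    shared_key = b"shared-secret-between-A-and-B"        # constructed
    sent = b"Pay Alice 100 GBP"                            # constructed
    altered = b"Pay Mallory 900 GBP"                       # constructed
    for name, outcome in tamper_demo(shared_key, sent, altered).items():
        print(f"{name}: {outcome}")
```

The dictionary makes the exam point explicit: `plain_hash_fooled` is True because the hash carries no secret, while both MAC forgeries fail and only the genuine tag verifies. A hash becomes an authenticator only when it is combined with something the attacker does not have: a shared key (MAC), encryption of the hash under a shared key, or a private-key signature over the hash, which is where the public-key part of the slide comes in.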

8. Kerberos
- General function
  – Authentication service
  – Enables servers to restrict access to authorised users
  – Enables servers to authenticate service requests and to prove their identity to clients
- Protocol
  – Single login
  – Uses an authentication server and the notion of "tickets"
  – How does the ticket server know that the ticket belongs to the entity presenting it?
  – Uses symmetric encryption: why? how?

9. PGP (and S/MIME)
- General function
  – E-mail security, providing an authentication and/or confidentiality service (+ others)
  – Freely available
  – Platform independent
- 4 types of key
- Protocol details
- Integrity checks
- Key management: web of trust. How does this work?

10. IPsec
- General function
  – Provides low-level (IP layer) security (what kind of "security"?) to some or all IP traffic (how?)
  – Advantages/disadvantages
  – Uses for
  – Anti-replay achieved by?
- Components of IPsec
  – AH/ESP
  – Transport mode
  – Tunnel mode

11. Web Security
- General function
  – Allows security services to be tailored to the requirements of a particular application
- Secure Sockets Layer (SSL)
  – TLS
  – Handshake protocol
- Effectiveness of SSL?
  – What security attacks does it protect against?
- Secure Electronic Transaction (SET)
  – Participating parties?
  – Differences compared to SSL?

12. Viruses and Malicious Software
- General function
  – "Classic" virus structure
  – Co-evolution of virus / anti-virus writing
- Types of malicious software
- Approaches to virus detection
  – Signature scanner
  – Heuristic scanner
  – Activity trap
  – Combination
- Countermeasures

13. Security Policy
- Reasons for
- Steps involved in the establishment
- General contents

14. Good Luck!
