Internet Security Terms and Techniques. Chris Avram, Faculty of Information Technology, Monash University. U-Cubed ’99.


1 Internet Security Terms and Techniques
Chris Avram, Faculty of Information Technology, Monash University

2 Security is
• Confidentiality – only those authorised have access to data
• Authentication – the identity claimed can be verified
• Availability – access is available as and when required
• Integrity – information is modified only as it should be

3 Security is needed for
• Legal and ethical need
  – OECD privacy guidelines
  – Australian privacy act and commission
  – OECD guidelines for security of information
• Technical need
  – electronic commerce
  – public networks
  – packet switched networks

4 Internet strategy
• Local area network
• Wide area network
• Internet - global network
  – customer/client access
  – inter-organisation systems
• Intranet
  – Internet technology for WAN
  – Virtual Private Network

5 The networked organisation
[Diagram. Labels: LAN, Internet, customers, LAN, SOHO, another organisation. Legend: secure line, insecure line.]

6 Current security measures
• Passwords to identify users/clients
  – access restricted to logged on users
  – Netware, NT encrypt passwords
  – eavesdropping on other P/Ws possible
• Physical access controls
  – guarantees server identity
  – reduces electronic eavesdropping

7 Threats
• Impersonation
  – of clients
  – of servers
• Passive electronic eavesdropping
• Modification of information in transit
• Traffic analysis
• Denial of service

8 Solutions
• Public key crypto-systems
  – allow electronic signature and verification
  – allow confidential exchange of information
• Certificates
  – signed by a certificate authority (CA)
  – proof of identity
    » containing a public key
• SSL (for WWW), S/MIME (for Email)

9 Public key crypto-systems
[Diagram. Labels: make keys, secret key, public key, public key directory, send message, receive message; eavesdropper: #$@!&*^##%]

10 Public key signature-systems
[Diagram. Labels: make keys, secret key, public key, public key directory, sign message, check signature; fraudster: clear message:$@!*^##%]

11 Certificates
[Diagram. Labels: Certificate Authority, client, server, certificate request, signed server certificate, CA public key, past, present. Source http://www.x509.com/]

12 Secure links
[Diagram. Labels: client, server, info. request, certificate, eg. Visa number, eg. fee for service info., time; encrypted traffic shown as #@$%^$#@ and #$%^&*%$@]

13 Certificate authorities - Public
• Public CAs
  – Australia Post (product sales on hold)
  – VeriSign
  – UPS and others
☺ Customers will get browsers with CA certificates included
☹ $US350-1,300 per server per annum

14 Certificate authorities - Private
• CA Software from
    » Netscape
    » X509.com
    » Microsoft
• Organisation
  – chooses level of proof of identity
  – makes CA certificates available, manages revocation list
☺ No ongoing fees

15 Recommendation
• If an organisation plans to use the Internet for more than the distribution of public information
  – eg. selling, collecting $ or personals, customer confidential communications
• Then it should consider running a private certificate authority:
  – 1. Create a secure version of your WWW server
  – 2. Install CA software
  – 3. Begin testing with selected mobile staff
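
Added example, not part of the original slides: the certificate request, signing and checking steps from the Certificates slide, carried out for a private CA. It assumes the openssl command-line tool (the slides name Netscape, X509.com and Microsoft CA software instead); the organisation name, host name and the second "rogue" CA are constructed. A client that trusts only the organisation's CA certificate rejects the impersonator's certificate even though its CA uses the same name.

```bash
#!/usr/bin/env bash
# Added example: private CA flow from the slides, using the openssl CLI.
# Organisation name and hostname below are constructed placeholders.
set -eu

make_ca() {  # $1 = directory for the CA's secret key and self-signed certificate
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Org
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_server_cert() {  # $1 = CA directory, $2 = server hostname
  # Server side: make a key pair and a certificate request.
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  # CA side: sign the request with the CA secret key.
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 90 -out "$1/server.crt" 2>/dev/null
}

verify_cert() {  # $1 = trusted CA certificate, $2 = certificate a server presents
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: a genuine server and an impersonator that runs its own CA.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/org" "$work/rogue"
make_ca "$work/org";   issue_server_cert "$work/org" www.example.test
make_ca "$work/rogue"; issue_server_cert "$work/rogue" www.example.test
for who in org rogue; do
  if verify_cert "$work/org/ca.crt" "$work/$who/server.crt"
  then echo "$who certificate: accepted"
  else echo "$who certificate: rejected"
  fi
done
```

Only `ca.crt` is handed to clients; `ca.key` stays with the CA, since whoever holds it can issue certificates the clients will accept.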

16 Reference
• VeriSign http://www.verisign.com/
• CA demo http://www.x509.com/
• Secure WWW servers
  – Microsoft
  – Netscape http://home.netscape.com/
  – Apache http://www.apache.org/
• SSL capable WWW client: Netscape 2.02 or later, Microsoft Internet Explorer 3.0 or later
• This file is http://www.ct.monash.edu.au/~cavram/papers/u3/

