Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Computer & Web Security  Security Problems in Computer Use  Privacy-Protecting Techniques  Privacy-Protecting Technologies: cryptography, digital.

Published byAgnes Green Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Computer & Web Security  Security Problems in Computer Use  Privacy-Protecting Techniques  Privacy-Protecting Technologies: cryptography, digital."— Presentation transcript:

1 1 Computer & Web Security  Security Problems in Computer Use  Privacy-Protecting Techniques  Privacy-Protecting Technologies: cryptography, digital signatures & certificates, etc.

2 2 Computer Security: Basic Issues  Different dimensions of the security problem:  Securing hardware (e.g. via locks or tags) vs. securing software  Preventing damage through system failure (software or hardware) vs. preventing damage through malicious intentional actions (security attacks, theft)  We will mainly focus on preventing malicious intentional actions on the software level

3 3 Types of System Failure  Hardware: power outage, corrupted disks, hard drive crashes, etc.  Software:  Software crashes – a common problem (have you noticed?)  Software does not perform as intended/desired; note that this could be caused by user errors  While these problems cannot be completely avoided, damage can be greatly reduced…

4 4 Avoiding Severe Damage: Backups  Types of backup:  Level-zero backup: copy of the original system when first installed  Full backup: copy of every file on the computer  Incremental backup: copy of all modified files  Possible security risks: with automatic backup systems, deleting a file does not put it out of existence

5 5 Intentional Security Attacks  Security risks have greatly increased due to the Internet; no computer is an island  We focus on security issues related to the Internet, but this will also include basic security for the user’s computer

6 6 What do attackers want?  Scan your system for confidential documents  Corrupt information on your computer  Modify your operating system by creating security loopholes  Steal credit card numbers  Block access to your system (coordinated attack)  Press coverage

7 7 Big Brother is watching you - traces you leave in the Web I) User-provided information  Setting up an account with an online shop, purchasing tickets via the web  What legal restrictions govern the use of the information provided? (in the US: few)  What privacy policy does the vendor have? (the vendor’s web site should have some information about this!)  Note: even simple demographic information may be sufficient for identification (e.g. ZIP-code + birthday)

8 8 Further traces you leave II) Log files  Ubiquitous; lots of applications and network programs create log files of various activities the user performs  Web logs: files which are created on remote web server when a page is downloaded; information stored includes: IP address of the computer that downloaded the web page, time of requrest, URL requested, username (sometimes), refer link, web browser used  Mail logs: created by mail servers, contain at least to: and from:

9 9 III) Cookies  Text file left by a remote web server on your computer; the cookie is sent to the web server every time a web page from that server is requested  Allows the user to maintain a certain state while requesting different pages; example: shopping cart

10 10  Where are cookies stored?  Netscape Navigator: ~/.netscape/cookies  Microsoft Explorer: folder Cookies  Browser preferences can be adjusted so that you can refuse cookies when they are sent

11 11 IV) Web Bugs  Simple to program in HTML  This will alert the specified web server every time the page is viewed; outsourced web site monitoring  Useful for gathering web use statistics  Can also be used to check when HTML e-mails are read, or to send personal information encoded in URL (like Google puts search strings in URL)

12 12 Privacy-Protecting Techniques  Picking a good password (and not writing it down)  Passwords can be captured by password sniffers when they are transmitted over the network; beware of protocols which do NOT use encryption:  FTP (File Transfer Protocol)  HTTP (Hypertext Transfer Protocol)  POP (Post Office Protocol)  TELNET (Remote Terminal Protocol)  RLOGIN (Remote Login for UNIX machines)

13 13 More Privacy-Protecting Techniques  Avoiding Spam and Junk Mail  Don’t put your e-mail address on your home page, or write “pauly (and now this strange symbol) csc.liv.ac in you know which country)”  Take your e-mail out of online directories  Don’t post to public mailing lists  Pick an unusual username  Address Munging: pauly@csc.liv.ac.uk.nospam

14 14 Privacy-Protecting Technologies  Antispam Services: analyse your e-mail to check whether it is spam, using AI technology, whitelists + confirmation e-mails, etc.  Antispam Software: does the same, but runs on your computer; your mail stays where it belongs  Browsers allow you to refuse cookies

15 15 More Privacy-Protecting Technology  Anonymous Browsing – protecting your IP address  Use a public terminal (e.g. at a library)  Use a proxy server of your internet service provider; in this case, the proxy servers IP address is passed on  Use anonymous web browsing services; they usually work as proxy servers  Secure E-mail: encrypt messages before sending

16 16 Secure Sockets Layer (SSL)  Uses a cryptographic protocol for sending information over the web  Main usage with web pages https://…  Browsers will usually tell you whether the current page/document is “secure”  Example: Booking a flight with a credit card…

17 17 Cryptography Encryption Algorithm Encryption Decryption

18 18 Symmetric Key Algorithms  The same key is used for both encryption and decryption  Sometimes also called private key algorithms  Used for the bulk encryption of data  Algorithms are very fast & easy to implement  There are a large number of possible keys, hence encryption is difficult to crack, hence high level of secrecy

19 19  Example: using an 80-bit key, and assuming that 1 million keys per second can be searched, it will take approx. 38 billion years to try all keys  Common algorithms: DES, Blowfish, RC2, RC4, RC5  Problems:  parties have to share a secret & private key  Both parties need to have a copy of the key  I need a different key for every person I want to communicate with; (N 2 -N)/2 keys for N different users

20 20 Asymmetric Key Algorithms  Encryption and Decryption key differ  For encrypted messaging, encryption key is public and decryption key private  Public key can be published on your web page (see e.g. Benjamin Hirsch)  Also called public key algorithms  Algorithms are slower & more difficult to implement and analyse  Easier to attack than symmetric key algorithms  Common algorithms: DSA/DSS, RSA

21 21  A further advantage: asymmetric keys can be used for digital signatures, simply make the encryption key private and the decryption key public  Most “secure” protocols will use a mixture of both symmetric and asymmetric key cryptography  Example: Use asymmetric key cryptography to exchange a symmetric key, and use that key for encrypting the main data

22 22 Conclusions  Keys are still stored somewhere on the system  Hence, in spite of everything that’s been said, there is no perfect security  Still, you can be aware of the security risks, and of some of the ways to improve security

Download ppt "1 Computer & Web Security  Security Problems in Computer Use  Privacy-Protecting Techniques  Privacy-Protecting Technologies: cryptography, digital."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)

Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)
Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.

Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
Web Design Terms and Concepts Ms. Scales. Q. What is a Server? A. A server is a computer that stores information many people can access. It runs special.

Web Design Terms and Concepts Ms. Scales. Q. What is a Server? A. A server is a computer that stores information many people can access. It runs special.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
1 6 Chapter 6 Implementing Security for Electronic Commerce.

1 6 Chapter 6 Implementing Security for Electronic Commerce.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

Similar presentations

Ads by Google