Network Security (the Internet Security)

Presentation transcript:

Network Security (the Internet Security) Kittiphan Techakittiroj engktc@au.ac.th

Goals of Security
- Ensure that only authorized individuals have access to information
- Prevent unauthorized creation, alteration, or destruction of data
- Ensure that legitimate users are not denied access to information
- Ensure that resources are used in legitimate ways

Classification of Security
- Communication security
  - signal
- Computer security
  - user permission
  - file sharing
  - access control

Classification of Security (secondary)
- Physical security: locks on doors, access badges, biometrics
- Personnel security: employee screening
- Administrative security: investigation of security breaches, policy
- Information/data security: controlling the reproduction of sensitive material
- Online security: controlling access to online data

Classification of Security Violation
- Cracking
- Spoofing
- Snooping
- Social Engineering
- Denial of Service

Classification of Security Violation: Cracking
- Often called “hacking”
- Breaking through security by using knowledge of:
  - software engineering
  - computer networks
  - operating systems
  - etc.

Classification of Security Violation: Cracking
- Crackers
  - few real crackers (super crackers)
  - other crackers rely on:
    - asking experts
    - publicly available information (WWW)
- Protected by:
  - security reports
  - patches, updates and hot fixes

Classification of Security Violation: Spoofing
- Acting as someone else, e.g.
  - fake e-mail: sending an e-mail while pretending to be someone else (theoretically, it can be any name)
  - fake IP: e.g. to gain access to a prohibited area
- http://www.data.com/roundups/images/vpn_servers_figure1.html

Classification of Security Violation: Spoofing
- Starting point for other security violations
- False information
- Protected by:
  - digital signature
  - digital certification

Classification of Security Violation: Snooping
- Stealing information during transmission
- Hardware: packet sniffer
  - usually needs access to the physical network
- Software: capturing keystrokes

Classification of Security Violation: Snooping (cont.)
- Other: trashing (has happened with credit card numbers)
- Protected by:
  - encryption
  - security access control

Classification of Security Violation: Social Engineering
- Talking between user and cracker
- Serious and common
- Protected by:
  - policy
  - knowledge of users

Classification of Security Violation: Denial of Service
- Attacks the weaknesses of the network, e.g.
  - spamming e-mail (mail bomb)
  - spamming web requests
  - WinNuke
- Protected by:
  - hot fixes & patches
  - firewall
  - logging system

Benefit of Security
- Confidentiality
- Authentication (including access control)
- Message Digest (including data integrity)
  - protects against unknown modification, e.g. virus
  - sampling keywords of the information and encrypting them
- Non-repudiation: digital signature & certification
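
An added example (not from the original slides) of how a message digest exposes unknown modification, the integrity benefit listed above: each file is fingerprinted with SHA-256 and the list of fingerprints is protected with an HMAC. The file names, contents and key are constructed sample values, and the choice of SHA-256 and HMAC is an assumption, since the slides name no algorithm.

```python
import hashlib
import hmac
import json


def digest(data: bytes) -> str:
    """Message digest: a fixed-length fingerprint of the content."""
    return hashlib.sha256(data).hexdigest()


def _mac(digests: dict, key: bytes) -> str:
    # Canonical JSON so the same digests always produce the same MAC.
    canonical = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """Record one digest per file, then MAC the whole list with a secret key
    so that whoever alters a file cannot simply recompute its digest too."""
    digests = {name: digest(data) for name, data in files.items()}
    return {"digests": digests, "mac": _mac(digests, key)}


def verify(files: dict, manifest: dict, key: bytes) -> dict:
    """Compare the current files against the trusted manifest."""
    report = {"manifest_tampered": False, "modified": [], "missing": [], "added": []}
    # compare_digest does a constant-time comparison of the two MACs.
    if not hmac.compare_digest(_mac(manifest["digests"], key), manifest["mac"]):
        report["manifest_tampered"] = True
        return report
    known = manifest["digests"]
    report["modified"] = sorted(n for n in known if n in files and digest(files[n]) != known[n])
    report["missing"] = sorted(n for n in known if n not in files)
    report["added"] = sorted(n for n in files if n not in known)
    return report


# Constructed sample data (not real files or a real key).
KEY = b"constructed-demo-key"
BASELINE = {"login.exe": b"original program bytes", "config.ini": b"mode=secure\n"}


def demo() -> dict:
    manifest = build_manifest(BASELINE, KEY)
    current = dict(BASELINE)
    current["login.exe"] += b" plus appended bytes"  # unknown modification
    current["dropper.tmp"] = b"unexpected new file"
    return verify(current, manifest, KEY)


if __name__ == "__main__":
    print(demo())
```
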

Potential Security Risk
- Lack of safeguards
- Poorly configured & administered systems
- Basic security problems with communication protocols (IP, TCP, UDP)
- Faulty service programs
- Basic security problems with service programs (WWW, FTP)

General rules for Protection
- software current & updated
- fixes & patches & upgrades
- encrypt sensitive information
- train users & administrators
- password & security policy
- monitoring: 100% monitor --> 100% secure

General rules for Protection: Standard Technology on Security
- firewall: packet filtering & proxy
- encryption
- VPN (virtual private network)
- digital signature & certification
- SET
- S-HTTP

General rules for Protection: Emerging Technology on Security
- encryption
- IPSec (IP Security Protocol)
- SSL or TLS (Transport Layer Security)
- CDSA (Common Data Security Architecture)
- XBSS (Baseline Security Services)
- XDAS (Distributed Audit Service)
- XSSO (Single Sign On)

Reference Books Developing Secure Commerce Applications by Online O’Reilly Web Development Courses (http://208.233.153.3/oreilly/security/westnet: 1999)