Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Security: –Security means, Protection against, –Some kind of Threat (Danger).

Published byEunice Adams Modified over 10 years ago

Similar presentations

Presentation on theme: "Security Security: –Security means, Protection against, –Some kind of Threat (Danger)."— Presentation transcript:

1 Security Security: –Security means, Protection against, –Some kind of Threat (Danger).

2 Security Security: –Scenario: Few years ago: It was only about a Computer / PC security which was obtained by, –Using physical controls over access to computers. Tools to secure computers were: –Alarmed Doors and Windows. –Security Guards. –Security Badges to admit people to sensitive areas. –Surveillance cameras. Mainly dealing with, –Physical Security. –Scenario: Today: It’s not about a Computer/PC security but, –All about Computer Network Security. Physical security is just one aspect of security and, Along with Physical security, one more aspect of security needs to be considered: –Logical Security

3 Network Security Network Security: –2 general types of security: Physical Security: –Protection against physical threats/dangers such as: »Unauthorized Person such as Thief etc. »Unauthorized Device such as CD, Pen Drive etc. Logical Security: –Protection against logical/software/electronic threats/dangers such as: »Viruses, Worms, Spywares etc. –Note: Physical security is the first step to any kind of security because, –If a PC is not ‘Physically’ secure, it can never be secured ‘Logically’.

4 Network Security Physical Security: –Measures to control Physical Access to Networks and improve Physical Security: Basic measures: –Locked Rooms, Security Alarms, CCTV Cameras, Security Badges for Authorized Persons. Advanced measures: –Writing pads that detect the form and pressure of a person writing a signature. –Biometric Devices such as: »Fingerprint Scanner, Face Recognition, Eye/Retina Scanner, Palm Scanner.

5 Network Security Physical Security: –Apart from the normal physical security such as guards, surveillance systems, Many companies maintain backup copies of server contents at a remote location. In case of a disaster, –The operations can be switched over in a matter of seconds to the backup location.

6 Network Security Logical Security: –Need: Internet/Network was always designed to be, –Redundant because, »Packets travel through different uncontrolled paths, And was never designed to be, –Secure. –Hence ‘Logical Security’ is something which is, Not a inherent (inbuilt) part of Network.

7 Logical Security Measures for Logical Security: –IDs and Passwords: Provide authentication credentials to every user of the system in the form of: –IDs and Passwords Even after successful login, –Allow access to only certain required applications by giving, »Selected ‘Rights/Permissions’ to the users. Apply ‘Time-of-Day’ restrictions to users and applications so that, –Available on weekdays but offline on weekends.

8 Logical Security IDs and Passwords: –Tips to Select & Protect IDs and Passwords: Select a password which is, –At least 8 characters long and, »Including all types of symbols such as lowercase, uppercase, numbers and special characters. Password should be selected in such a way so that it is, –Not easily guessable/identifiable such as, »Name of spouse, children, phone number, as a password. Change the passwords, –Periodically or at regular intervals. Log (Store) and check all the unsuccessful login attempts and, –Block the ID if unsuccessful login attempts increase beyond a certain threshold (level) because, –A pattern of attempted but unsuccessful logins might signal that an unauthorized user is trying to access the network.

9 Logical Security Hello Ifmmp Hello Ifmmp Hello Encryption / Decryption Sender Receiver 3 rd person Cryptography

10 Encryption (Example) Transfer One Lakh Rupees To Account 756 VIOLIN 615324 rrLuTo5snheAt nOke n fe sc a apou6Te R c7 Transfer One Lakh Rupees To Account 756 SENDERRECEIVER Key: Algorithm: Encryption Decryption VIOLIN Transf erOne Lakh Rupees ToAc count 756

11 Logical Security Measures for Logical Security: –Encryption: Coding / Locking of information by using: –A mathematically based program (Algorithm) AND –A secret key, »To produce a string of characters that is, »Unintelligible (Not understandable). Similar to, –Scrambling that is done on the premium cable channels. –If the cable user pays an extra fee, »The cable company unscrambles the signal for that user by, »Sending over the KEY.

12 Logical Security Measures for Logical Security: –Cryptography: Science that studies encryption / decryption. Comes from 2 Greek words: –krypto: secret –grapho: writing

13 Cryptography Hello Encryption Sender Receiver Ifmmp Decryption Plaintext Ciphertext Same Keys & Private Symmetric Key Encryption / Challenge/Disadvantage: Difficult to exchange ‘KEY’ itself securely at the first place. Private Key Cryptography Advantage: Anyone can easily generate a Symmetric Key. 2-way secure communication is possible using a single Symmetric Key.

14 Cryptography ASymmetric Key Encryption /Public Key Cryptography Sender2 Receiver Sender1 Sender3 Private Key Public Key Encryption Decryption Different Keys Public, Private Hello Ifmmp Hello Challenge/Disadvantage: With 2 keys, only 1 way secure communication is possible and It is not easy for everyone to generate those related keys.

15 Logical Security Cryptography: –Symmetric/Private Key Cryptography: Uses a single key for, –Encryption and Decryption, which must be kept, –Private (Secret) between the Sender and the Receiver. Challenge/Disadvantage: –Difficult to share the Private Key securely at the first place. Examples: –DES: Data Encryption Standard. »56 bit encryption key. »Could be broken by a fast computer in 6 minutes. –3DES: Triple DES. »Key Length: 112 bits. –AES: Advanced Encryption Standard. »Key Length: 256 bytes = 2048 bits. »Takes 150 trillion years to break the key. –Blowfish, IDEA (International Data Encryption Algorithm) etc.

16 Logical Security Cryptography: –Asymmetric/Public Key Cryptography: Uses 2 different (mathematically related) keys for, –Encryption and Decryption where, »Encryption is done using Receiver’s Public Key and, »Decryption is done using Receiver’s Private Key. Data encrypted using receiver’s Public Key can only be decrypted using, –Receiver’s Private Key and cannot be decrypted using, –The same Public Key. Examples: –RSA: Ron Rivest, Adi Shamir, Leonard Adleman. »Key Length: 1024 bit For more detailed information, click here.click here

17 Cryptography Private Public Private Public How a 2-way secure communication happens? Symmetric Public Key Cryptography is used to exchange the Symmetric Key securely. All further communication happens using the Symmetric Key. Challenge / Disadvantage: Encryption only ensures secure communication. Does not ensure the authenticity / genuineness of the receiver. Using Symmetric Key Encryption OR Using Public Key Encryption Difficult to ensure that communication is happening with ‘Facebook’ and not ‘Fakebook’.

18 Cryptography ASymmetric Key Encryption /Public Key Cryptography Student1 Student2 Student3 HOD Faculty Digital Signature Encryption: Done using the private key. Decryption: Done using the public key. Keys Private Public Private Public

19 Cryptography Certification Authorities (CAs) From where did client get the public key of google server? Private Public Digital Certificate Private Public Question:

20 1. Clients sends a request. 2. Server sends a response in the form of its Digital Certificate issued by some Certification Authority (CA). Digital Certificate is encrypted by the Private Key of CA. 3. Client decrypts the Digital Certificate using the preloaded Public Key of CA and extracts information such as Name of Server, Address of Server, Public Key of Server, Expiry Date of Certificate etc. 4. Client generates a unique Symmetric Key and sends it to the Server by encrypting it using Public Key of Server. 5. Server decrypts the Symmetric Key using the Private Key of Server. 6. Then communication happens between Client and Server using the Symmetric Key. SSL (HTTPS) Communication Cryptography

21 SSL (HTTPS) Communication

22

23 Logical Security Asymmetric/Public Key Cryptography: –Digital Signature: A method for, –Showing the authenticity (genuineness) of a message or document. A valid digital signature gives a receiver a reason to believe that, –Authentication: »Message was created by a known sender. –Non-Repudiation: »Sender cannot deny having sent the message. –Integrity: »Message was not altered in transit. Commonly used for, –Software distribution, Financial transactions etc.

24 Logical Security Digital Certificates / Digital ID: –A functionality that: Verifies that a sender (Web site) is who or what it claims to be. –Serves the same function as a: »Driving license »Passport –Although it does not say one thing: About the usefulness or quality of the downloaded program. –Only supplies a level of assurance that the software is genuine.

25 Logical Security Digital Certificates: –Issued to organizations or individuals by an agency called: Certification authority (CA). –Examples: »Thawte »VeriSign »Entrust »Equifax Secure –Entities must supply appropriate proof of identity when applying for digital certificates. Once the CA is satisfied, it issues the certificate.

26 Logical Security Digital Certificates: –Includes following elements: Certificate owner’s identifying information such as name, organization, address. Certificate owner’s public key. Dates between which the certificate is valid. Serial number of the certificate. Name of the certificate issuer (Certification Authority).

27 Logical Security Network of an Organization Switch Firewall Question: Will there be any control on the traffic either moving From the Organization to the Internet or vice versa? NO. Could this be dangerous/risky for the security of the organization?

28 Logical Security Firewall: –Entity which is placed at the, Entry/Exit point of the networks to, –Provide a defense between, »A network and the Internet and, –Control the data traffic moving through it. –Acts as a, Filter which can distinguish/identify, –Good from the Bad, –Allowed from Denied, According to the, –Rules/Configurations/Policies set in a Firewall. –Similar to, Scanning machine kept at the Malls / Airports. Ozone layer of the atmosphere.

29 Firewall Characteristics of a Firewall: –1) All traffic from inside to outside and from outside to inside the network, Must pass through the firewall. –2) A firewall should obstruct/block/stop, All the unauthorized traffic. –3) A firewall should not obstruct/block/stop, Any legitimate users.

30 Firewall Characteristics of a Firewall: –4) The firewall itself should be immune to penetration. Firewalls should not have any unnecessary software installed. –Should be used only as a firewall and not as a general-purpose computing machine. »Only essential OS and firewall-specific protection software should remain on the computer. –Having fewer software programs on the system means: »Less chances of security breaches. Access to a firewall should only be restricted to: –Physical Access (Not remote access)

31 Firewall Types of Firewalls: –Classified into following categories: Application-level Firewall. Packet-level Firewall.

32 Firewall Types of Firewalls: –Application-level Firewall: Filter traffic based on the application requested. –Allow/Deny access to specific applications such as, »FTP, HTTP etc. Example of Application-level policy: –Allows Incoming FTP requests but Blocks Outgoing FTP requests. –Allows Incoming HTTP requests but Blocks Outgoing HTTP requests.

33 Firewall Types of Firewalls: –Packet-level Firewall: Works as IP level filter. Examines/Checks the source and destination addresses and ports of incoming packets and, –Allows or denies entrance to the packets based on a set of rules. Example: –Allow IP address 192.168.1.1 to go through but disallow IP address 192.168.10.10.

34 Logical Security Firewall Home User Software Firewall: Windows Firewall, Norton Internet Security etc. Can a home user afford a dedicated machine for a Firewall? NO.

35 Network Security References: –http://content.hccfl.edu/pollock/AUnixSec/P ublicKeyDemo.htmhttp://content.hccfl.edu/pollock/AUnixSec/P ublicKeyDemo.htm –http://www.youtube.com/watch?v=Ao5pMF e9fHU

Download ppt "Security Security: –Security means, Protection against, –Some kind of Threat (Danger)."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)

Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.

Similar presentations

Ads by Google