Chapter 1: The need for security (presentation transcript)


Slide 1: Chapter 1. The need for security
Computerized trend (all kinds of information are in databases)
Information passing through the Internet

Slide 2: Data Transmission on the Internet
Data travels in clear text [ASCII or BIG-5]
Personal or confidential information is not secure
Example: credit card details

Slide 3: Fig 1.1 Transmission of Credit Card Details
Client sends to Server (which stores it in the Server Database): Customer Id: 78910, Order Id: 90, Item Id: 156, Credit Card Number: 1234-5678-9000-2345, Issued By: Visa, Valid Till: Jan 2006 …

Slide 4: Security Approaches
Security models:
–No security
–Security through obscurity
–Host security
–Network security

Slide 5: Security Management Practices
A good security policy takes care of four key aspects:
–Affordability
–Functionality
–Cultural issues
–Legality

Slide 6: Process to carry out a security policy
Explain it to all concerned
Outline everybody's responsibilities
Use simple language in all communications
Accountability should be established
Provide for exceptions and periodic reviews

Slide 7: Principles (functionality) of security
Four chief objectives:
–Confidentiality
–Authentication
–Integrity
–Non-repudiation
Others:
–Access control
–Availability

Slide 8: Confidentiality
Also called privacy
Refers to the secrecy of information
Only the sender and the intended receiver(s) should have access to the information

Slide 9: Fig 1.2 Loss of Confidentiality (interception)
A (Sender) sends a Secret to B (Receiver); C (Attacker) intercepts it.

Slide 10: Authentication
Identifies the sender/receiver of a message; proof of identity
Required so that the communicating parties can trust each other
Answers: whom am I trusting or talking to?

Slide 11: Fig 1.3 Absence of Authentication (fabrication)
C (Attacker) sends "I am user A" to B (Receiver), posing as A (Sender).

Slide 12: Integrity
Ensures that any changes to a message are detected
The message from the sender to the receiver must travel without any alterations
Changes need to be prevented, or at least detected

Slide 13: Fig 1.4 Loss of Message Integrity (modification)
Ideal route of the message: A (Sender) sends "Transfer $100 to C" to B (Receiver).
Actual route of the message: it passes through C (Attacker), who changes it to "Transfer $1000 to C".
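Added example (not from the original slides): the Fig 1.4 exchange with an HMAC tag attached by A, so that B detects C's change of the amount. The shared key and the message text are constructed for this example.

```python
import hmac
import hashlib

# Shared secret known only to A (sender) and B (receiver); constructed for this example.
SHARED_KEY = b"example-shared-key-between-A-and-B"


def protect(message: str, key: bytes = SHARED_KEY) -> tuple[str, str]:
    """Sender side: return the message together with its HMAC-SHA256 tag (hex)."""
    tag = hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()
    return message, tag


def verify(message: str, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def relay_through_attacker(message: str, tag: str) -> tuple[str, str]:
    """The 'actual route' of Fig 1.4: C rewrites the amount but must forward the old
    tag unchanged, because C does not hold the key needed to compute a new one."""
    return message.replace("$100", "$1000"), tag


def demo() -> dict:
    """Run both routes of Fig 1.4 and report what B accepts."""
    original, tag = protect("Transfer $100 to C")
    tampered, tampered_tag = relay_through_attacker(original, tag)
    return {
        "ideal_route_accepted": verify(original, tag),
        "actual_route_accepted": verify(tampered, tampered_tag),
        "received_text": tampered,
    }


if __name__ == "__main__":
    print(demo())
```

A MAC detects modification and, since only A and B hold the key, fabrication by C; by itself it does nothing against replay of an unmodified message, which needs a counter or timestamp in the protected text.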

Slide 14: Non-repudiation
Defeats the possibility of denying that something has been done
A trusted third party's proof between sender and receiver

Slide 15: An example: the I.D. card

Slide 16: Access control
Specifies and controls who can access what data
For example, user A can view the records but cannot update them, and cannot see other records that A is not authorized for.

Slide 17: Availability
Resources/applications must be available to authentic users all the time
Attackers can deny availability
Denial of Service (DoS) is an example of an attack on availability

Slide 18: Fig 1.5 Attack on Availability (A: Sender, B: Receiver, C: Attacker)

Slide 19: Fig 1.6 Types of Attacks
Attacks: Passive attacks, Active attacks

Slide 20: Fig 1.7 Classification of Passive Attacks
Passive attacks (Interception):
–Release of message contents
–Traffic analysis

Slide 21: Fig 1.8 Classification of Active Attacks
Active attacks:
–Interruption (Masquerade)
–Fabrication (Denial of Service, DoS)
–Modification (Replay attacks, Alterations)

Slide 22: Fig 1.9 Practical Side of Attacks
Security attacks in practice: Application level attacks, Network level attacks

Slide 23: Virus
A program that causes damage to other programs/applications/data
Contains malicious code
Propagates as it damages

Slide 24: Fig 1.10 Example of Virus
(a) Original clean code: Add x to y; Perform Print-Job; Perform Close-Job; End
(b) Virus-infected code: Add x to y; Perform Print-Job; Perform Virus-Job; Perform Close-Job; End
(c) Virus code: Delete all files; Send a copy of myself to all in this user's address book; Return

Slide 25: Worm
Propagates as it damages
Does not damage a program/data
Consumes resources and brings the system to a halt

Slide 26: Fig 1.11 Example of Worm
Worm code: Perform resource-eating tasks, but no destruction; Replicate itself (each copy again performs resource-eating tasks, but no destruction) …

Slide 27: Trojan Horse
Silently observes user actions and captures confidential information
Uses the captured information for its own purposes
Example: capturing user id and password

Slide 28: Fig 1.12 Example of Trojan Horse
Normal login program: the User enters User Id: xxx, Password: yyy into the Login code …
With a Trojan horse: the User enters User Id: xxx, Password: yyy; the Trojan horse passes them on to the Login code … and also sends User Id: xxx, Password: yyy to the Attacker

Slide 29: HTTP Protocol
Hyper Text Transfer Protocol
Used for communication between a browser and a server on the Internet
Based on a request-response model

Slide 30: Fig 1.13 HTTP Protocol
Client to Server, HTTP Request: "Please send me the Web page www.yahoo.com/info"
Server to Client, HTTP Response: Web page www.yahoo.com/info ….

Slide 31: Java Applet/ActiveX Control
Small programs that get downloaded along with an HTML page to the client
Execute in the client browser
Make Web pages active

Slide 32: Fig 1.14 Web Page containing Applet
Client to Server, HTTP Request: "Please send me the Web page www.abc.com/init"
Server to Client, HTTP Response: Applet together with the Web page www.abc.com/init ….

Slide 33: Cookie
The HTTP protocol is stateless
For the client to remember its state, some mechanism is needed
A cookie allows the client to remember its state

Slide 34: Fig 1.15 (a) Cookie Creation
The Web browser sends Name: John, Address: … to the Web server. The Web server stores the record in its table (123456 John …, 123457 Pete …, ………) and returns Id: 123456, which the browser keeps as the Cookie.

Slide 35: Fig 1.15 (b) Cookie Usage
Step 1: the Web browser sends its cookie, Id: 123456, to the Web server.
Step 2: the Web server asks, what does Id: 123456 map to?
Step 3: the table (123456 John …, 123457 Pete …, ………) yields Name: John, Address: ….
Step 4: the Web server replies "Welcome John!"
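Added example (not from the original slides) of the Fig 1.15 (a) and (b) flow on the server side: registration hands out an Id in a Set-Cookie header, and a later request carrying that Id in its Cookie header is mapped back to the stored record. The in-memory table, the sequential ids 123456/123457 and the names are taken from the figure; a real server would issue unguessable ids instead.

```python
from http.cookies import SimpleCookie

# Server-side table of Fig 1.15, constructed in memory for this example.
SESSION_TABLE: dict[str, dict[str, str]] = {}
# Sequential ids reproduce the figure; production code should use secrets.token_urlsafe()
# so that one visitor cannot guess another visitor's Id.
_next_id = 123456


def cookie_creation(name: str, address: str) -> str:
    """Fig 1.15 (a): the browser submits Name/Address; the server stores the record under
    a new Id and returns the Set-Cookie header value that carries that Id."""
    global _next_id
    session_id = str(_next_id)
    _next_id += 1
    SESSION_TABLE[session_id] = {"Name": name, "Address": address}
    cookie = SimpleCookie()
    cookie["Id"] = session_id
    cookie["Id"]["httponly"] = True  # keep the Id out of reach of page scripts
    return cookie["Id"].OutputString()


def cookie_usage(cookie_header: str) -> str:
    """Fig 1.15 (b): the browser sends 'Id=...' back; the server maps the Id to the stored
    record and greets the user, or treats a missing or unknown Id as a new visitor."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    session_id = cookie["Id"].value if "Id" in cookie else None
    record = SESSION_TABLE.get(session_id)
    if record is None:
        return "Welcome, new visitor!"
    return f"Welcome {record['Name']}!"


if __name__ == "__main__":
    print("Set-Cookie:", cookie_creation("John", "..."))   # Id=123456; HttpOnly
    print("Set-Cookie:", cookie_creation("Pete", "..."))   # Id=123457; HttpOnly
    print(cookie_usage("Id=123456"))                       # Welcome John!
    print(cookie_usage("Id=999999"))                       # Welcome, new visitor!
```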

Slide 36: HTML
Hyper Text Markup Language
Tag-based language used to create Web pages
The browser can interpret HTML

Slide 37: Fig 1.16, 1.17 Example of HTML Tags
In the HTML source, the sentence "This is an example of text being displayed in boldface." is enclosed between a start-of-boldface tag and an end-of-boldface tag. The browser interprets this and displays the sentence in boldface.

Slide 38: Fig 1.18 Java Security
Java source program -> Java compiler -> Java byte code (e.g. istore 1, getfield #5, astore 0, …) -> Internet -> Java byte code verifier -> Class loader -> Java interpreter / Java compiler -> Runtime environment -> Hardware

Slide 39: Java security
Sandbox model
Java application security:
–Bytecode verifier
–Class loader
–Access controller
–Security package
Built-in Java application security:
–Array bounds
–Access methods are strictly adhered to

Slide 40: C program vs Java

    #include <stdio.h>

    int main(void) {
        char *p;                    /* uninitialized pointer: no buffer has been allocated */
        printf("enter a string");
        gets(p);                    /* gets() copies the whole line with no bounds check;
                                       C checks neither the pointer nor the length, Java would */
        return 0;
    }

Slide 41: Specific attacks
The Internet delivers packets
Attackers target these packets in two main forms:
(a) packet sniffing (snooping)
(b) packet spoofing

