WEB security From COOKIES to Packet Sniffers – What Is This Stuff Anyway and Why Should I Care.

Presentation on theme: "WEB security From COOKIES to Packet Sniffers – What Is This Stuff Anyway and Why Should I Care."— Presentation transcript:

1 WEB security From COOKIES to Packet Sniffers – What Is This Stuff Anyway and Why Should I Care

2 Page 285 Section A Chapter 6 Web Technology
Cookies: What is a “cookie”?
- Cookie – small chunk of data generated by a Web server and stored in a text file on your computer
- Example cookie: jqstudent@sarasota.fl.us/ SITESERVER ID=9022591d2390f3b8639aa3c7cf1ca8f5 sarasota.fl.us/ 0 642859008 31887777 2868194304 29411026

3 Page 285 Section A Chapter 6 Web Technology
What is a “cookie”? Web sites use cookies to:
- Track your path through a site
- Provide information that allows the Web site to present you with ad banners
- Retain any personal information that you type into a Web page form

4 Page 285-286 Section A Chapter 6 Web Technology
Why do Web sites use cookies to keep track of my activity?
- Because each request is considered separate by the Web server
- Cookies allow the server to know which requests are yours
- Provide temporary storage space
- A way to tell your requests apart from others’

5 Page 286 Section A Chapter 6 Web Technology
Are cookies safe and private? Cookies are a relatively safe technology:
- Data, not a computer program
- Can only be accessed by the site that created it
- Contain only information you disclose while using the site
- Use a randomly generated number instead of your name

6 Page 286 Section A Chapter 6 Web Technology
Does my computer have to accept cookies?
- Most browsers will let you block cookies
- Without cookies, you may not be able to do some things on the Web
- P3P (Platform for Privacy Preferences Project) – defines security tags for cookies in their HTTP header
- Compact Privacy Policy – describes how cookie data is used by a Web site

7 Page 286 Section A Chapter 6 Web Technology Does my computer have to accept cookies?

8 Page 287 Section A Chapter 6 Web Technology
How long do cookies stay on my computer?
- A web programmer can program a cookie to “time out”
- You can delete the cookies
- Netscape uses Cookies.txt or MagicCookie
- IE stores each in a separate file
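The slides above describe cookies in words: the server hands out a random identifier because HTTP treats every request as separate, the browser sends the cookie back only to the site that created it, and a cookie can be programmed to time out. The following Python is an added example (it is not code from the slides or from the Parsons/Oja textbook) that implements those three behaviours in a toy browser cookie jar and server session store. The host names, the cookie name SITESERVER, the Max-Age value and the page paths are all constructed for the demo.

```python
import secrets

# Added example: toy cookie jar (browser side) and session store (server side).
# Host names, cookie name, lifetime and page paths are constructed for the demo.

def parse_cookie_header(header):
    """Parse a request 'Cookie:' header such as 'a=1; b=2' into a dict."""
    cookies = {}
    for part in (header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def parse_set_cookie(header, now):
    """Parse a 'Set-Cookie:' header into a record with an absolute expiry time."""
    pieces = [p.strip() for p in header.split(";")]
    name, _, value = pieces[0].partition("=")
    cookie = {"name": name, "value": value, "domain": None, "expires": None}
    for attr in pieces[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "domain":
            cookie["domain"] = val.strip().lstrip(".").lower()
        elif key == "max-age":          # the cookie "times out" after this many seconds
            cookie["expires"] = now + int(val)
    return cookie

def domain_matches(host, domain):
    """True if a cookie set for `domain` may be sent along with a request to `host`."""
    host = host.lower()
    return host == domain or host.endswith("." + domain)

class CookieJar:
    """Browser side: remembers cookies and sends them back only to the site that set them."""
    def __init__(self):
        self.cookies = {}

    def store(self, set_cookie_header, origin_host, now):
        cookie = parse_set_cookie(set_cookie_header, now)
        if cookie["domain"] is None:
            cookie["domain"] = origin_host.lower()
        elif not domain_matches(origin_host, cookie["domain"]):
            return False                # a site may not plant cookies for an unrelated domain
        self.cookies[(cookie["domain"], cookie["name"])] = cookie
        return True

    def cookie_header(self, host, now):
        """Build the 'Cookie:' header for a request to `host`, discarding expired cookies."""
        parts = []
        for cookie in list(self.cookies.values()):
            if cookie["expires"] is not None and now >= cookie["expires"]:
                del self.cookies[(cookie["domain"], cookie["name"])]
                continue
            if domain_matches(host, cookie["domain"]):
                parts.append(f"{cookie['name']}={cookie['value']}")
        return "; ".join(parts)

class SessionStore:
    """Server side: every request looks separate, so the server hands out a random
    identifier and keeps the per-visitor data (the path through the site) itself."""
    COOKIE = "SITESERVER"

    def __init__(self, domain, ttl):
        self.domain, self.ttl, self.sessions = domain, ttl, {}

    def handle(self, cookie_header, page):
        """Return (session id, Set-Cookie header or None) for one page request."""
        sid = parse_cookie_header(cookie_header).get(self.COOKIE)
        set_cookie = None
        if sid not in self.sessions:
            sid = secrets.token_hex(16)  # a random number, never the visitor's name
            self.sessions[sid] = []
            set_cookie = f"{self.COOKIE}={sid}; Domain={self.domain}; Max-Age={self.ttl}"
        self.sessions[sid].append(page)
        return sid, set_cookie

def demo():
    server = SessionStore("sarasota.fl.us", ttl=3600)
    jar = CookieJar()
    host = "www.sarasota.fl.us"
    for t, page in ((0, "/index.html"), (10, "/catalog.html"), (20, "/cart.html")):
        sid, set_cookie = server.handle(jar.cookie_header(host, t), page)
        if set_cookie:
            jar.store(set_cookie, host, t)
    print(server.sessions)                                # one session, three pages
    print(repr(jar.cookie_header("other.example", 20)))   # '' : another site gets nothing
    print(repr(jar.cookie_header(host, 3600)))            # '' : the cookie has timed out

if __name__ == "__main__":
    demo()
```

The jar's domain check is what makes "can only be accessed by the site that created it" true in practice: a Set-Cookie for an unrelated domain is refused on the way in, and on the way out a cookie is attached only to requests for a matching host.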

9 Page 287 Section A Chapter 6 Web Technology How long do cookies stay on my computer?

10 Page 309 CHAPTER 6 E-Commerce Section D PARSONS/OJA Web Pages, Web Sites, and E-Commerce

11 Page 309 Section D Chapter 6 E-Commerce
E-Commerce Basics: What is e-commerce?
- E-commerce – describes financial transactions that are conducted electronically over a computer network
- Includes physical products, digital products, and services
- Digital products such as news, music, video, databases, software, and all types of knowledge-based items
- Peddle services, such as arranging trips, online medical consultation, and remote education

12 Page 310-311 Section D Chapter 6 E-Commerce
How does e-commerce work?
- Shopper connects to an online store
- Behind the scenes, based on a Web site and a group of technologies
- Based on a domain name which acts as the entry to the online store
- Includes some mechanism for customers to select merchandise and then pay for it

13 Page 311 Section D Chapter 6 E-Commerce
Shopping Carts: What’s an online shopping cart and how does it work?
- Shopping cart – cyberspace version of the good old metal cart that you wheel around a store and fill up with merchandise
- Shopper browses the Web site, and then adds products using a “Buy” or “Add to Cart” button
- Uses cookies to store information about your activities on the Web site

14 Page 311 Section D Chapter 6 E-Commerce How do shopping carts work?

15 Page 312 Section D Chapter 6 E-Commerce How do shopping carts work?

16 Page 312 Section D Chapter 6 E-Commerce What is an HTML form?

17 Page 313 Section D Chapter 6 E-Commerce
What happens to the data that’s entered into a form?
- Your information is stored on your hard disk; it is not left “hanging around”
- When you click a Submit button, the information is gathered and submitted via a specially designated program on an HTTP server

18 There Is More to WEB Security Than Cookies
What happens when you fill out a WEB form:
- You may input your name and address – not so bad
- You may input your phone number – hmmm
- You may input your credit card number and expiration date – could be BAD
- This information will temporarily stay on your hard drive – not so bad
- This information will travel across the internet wires readable as the Sunday comics – BAD NEWS!

19 Page 313 Section D Chapter 6 E-Commerce
Can the data in the HTTP message be intercepted in transit?
- Packet sniffer – monitors data as it travels over networks
- 2 technologies protect the data:
  - SSL (Secure Sockets Layer) – encrypts the data
  - S-HTTP (secure HTTP) – extension of HTML that encrypts the text of an HTTP message before it is sent

20 Packet Sniffers
- Software that will read network packets not meant for the machine it runs on
- Packets travel between network cards
- Network cards pass packets that are addressed to their machine up to the operating system and drop all others – the OS knows what to do with the packets
- Packet sniffers put network cards in promiscuous mode – they read packets not meant for them
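Slides 18 to 20 say that a form submitted over plain HTTP crosses the wire "readable as the Sunday comics". The Python below is an added example (not from the slides or the textbook) of what that means concretely: it assembles the bytes of a constructed form POST exactly as they would travel, parses them the way a sniffer or a network monitor would, and flags the field that carries a card number, which is how a defender's monitoring tool detects card data leaving a site in the clear. The host name shop.example, the field names and the card value (the well-known test number 4111111111111111) are all constructed.

```python
import urllib.parse

# Added example: the bytes a sniffer captures for a plain-HTTP form POST, and a
# monitor that flags card numbers crossing the wire unencrypted. The request,
# host name and field values are constructed; 4111111111111111 is a test number.

def build_capture(fields):
    """Assemble the raw bytes of an application/x-www-form-urlencoded POST."""
    body = urllib.parse.urlencode(fields).encode("ascii")
    head = (b"POST /checkout HTTP/1.1\r\n"
            b"Host: shop.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode("ascii") + b"\r\n\r\n")
    return head + body

CAPTURED = build_capture({
    "name": "J. Q. Student",
    "phone": "941-555-0100",
    "card": "4111111111111111",
    "exp": "12/09",
})

def parse_http_request(raw):
    """Split raw request bytes into (method, path, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        # TLS records or any other ciphertext never contain the header terminator
        raise ValueError("not a readable HTTP request")
    lines = head.decode("ascii").split("\r\n")
    method, path, _version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    return method, path, headers, body[:length]

def form_fields(body):
    """Decode a form-encoded body back into the values the user typed."""
    return dict(urllib.parse.parse_qsl(body.decode("ascii")))

def luhn_ok(digits):
    """Luhn checksum that payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def cleartext_card_fields(raw):
    """Names of form fields in a captured plain-HTTP POST that look like card numbers."""
    method, _path, headers, body = parse_http_request(raw)
    if method != "POST" or "x-www-form-urlencoded" not in headers.get("content-type", ""):
        return []
    found = []
    for name, value in form_fields(body).items():
        digits = value.replace(" ", "").replace("-", "")
        if digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(name)
    return found

if __name__ == "__main__":
    print(CAPTURED.decode("ascii"))            # every field is readable on the wire
    print(cleartext_card_fields(CAPTURED))     # ['card']
```

The same parser applied to bytes captured from an SSL/HTTPS session raises ValueError, because the captured bytes are ciphertext and contain no HTTP header terminator; that is the whole difference between the two cases on the slide.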

21 Encryption
How does it work?
- Encryption - hmmmm
- There are different methods
- Main idea: there is an encrypt function and a decrypt function that work in the following manner:
  - Encrypt ( key, plaintext ) => ciphertext
  - Decrypt ( key, ciphertext ) => plaintext
- Ciphertext is not understandable by anyone who doesn’t have the right KEY

22 Types of Cryptography
- Symmetric:
  - Caesar cipher – shift cryptography
  - Cryptogram – substitution crypto
  - One time pad
- Asymmetric:
  - Public/Private
  - PGP (email)
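The three symmetric ciphers listed above, written in the Encrypt(key, plaintext) / Decrypt(key, ciphertext) shape that slide 21 describes. This is an added Python example, not code from the slides; the messages and keys it uses are constructed, and the key-generation helpers draw from the operating system's random source so that the one-time pad key is genuinely random and as long as the message.

```python
import secrets
import string

# Added example: Caesar (shift), cryptogram (substitution) and one-time pad, each
# as an Encrypt(key, plaintext) / Decrypt(key, ciphertext) pair. Keys and
# messages are constructed for the demo.

ALPHABET = string.ascii_uppercase

def caesar_encrypt(shift, plaintext):
    """Shift every letter `shift` places; non-letters pass through unchanged."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
                   for c in plaintext.upper())

def caesar_decrypt(shift, ciphertext):
    return caesar_encrypt(-shift, ciphertext)     # shifting back is the inverse

def substitution_encrypt(key, plaintext):
    """`key` is a 26-letter permutation: plaintext letter i becomes key[i]."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))

def substitution_decrypt(key, ciphertext):
    return ciphertext.translate(str.maketrans(key, ALPHABET))

def random_substitution_key():
    """A random permutation of the alphabet (Fisher-Yates shuffle)."""
    letters = list(ALPHABET)
    for i in range(25, 0, -1):
        j = secrets.randbelow(i + 1)
        letters[i], letters[j] = letters[j], letters[i]
    return "".join(letters)

def otp_key(length):
    """One-time pad key: random, as long as the message, and used exactly once."""
    return secrets.token_bytes(length)

def otp_encrypt(key, plaintext):
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))

def otp_decrypt(key, ciphertext):
    return otp_encrypt(key, ciphertext)           # XOR with the same key undoes itself

def roundtrip_all(message):
    """Encrypt and decrypt `message` with each cipher; return the three ciphertexts."""
    sub_key = random_substitution_key()
    pad = otp_key(len(message))
    results = {
        "caesar": caesar_encrypt(3, message),
        "substitution": substitution_encrypt(sub_key, message),
        "otp": otp_encrypt(pad, message.encode("ascii")),
    }
    assert caesar_decrypt(3, results["caesar"]) == message.upper()
    assert substitution_decrypt(sub_key, results["substitution"]) == message.upper()
    assert otp_decrypt(pad, results["otp"]) == message.encode("ascii")
    return results

if __name__ == "__main__":
    for name, ct in roundtrip_all("ATTACK AT DAWN").items():
        print(name, ct)
```

The Caesar cipher has only 26 possible keys and a substitution cipher keeps letter frequencies intact, which is why neither meets the slide's standard that ciphertext be unreadable "by anyone who doesn't have the right KEY"; the one-time pad does meet it, but only because its key is random, as long as the message, and never reused.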

23 How do these work?
- Symmetric
  - Both parties need the same key to encrypt/decrypt
  - Problem – how do we get keys to each other in a secure manner: turns into a sort of chicken-and-egg problem
- Asymmetric
  - Solves this problem – WITH REALLY BEAUTIFUL MATH: involves a publicly available key that anyone can use to encrypt but only the holder of the (shhh!) secret key can decrypt
  - Creates a new problem (no free lunch) – how do I know that the public key that you are advertising is really yours - hmmm

24 Solution – Digital Certificates
- These are digital verifications that bind a NAME, or other important identification, with a Public Key
- Your browser can then do some magic to verify these to some standard

25 Page 306 Section C Chapter 6 Web Page Extensions, Scripts, and Programs
What is a digital certificate?
- Digital certificate – electronic attachment to a file that verifies the identity of its source
- Certificate authority – company that supplies digital certificates

26 Page 307 Section C Chapter 6 Web Page Extensions, Scripts, and Programs
How does a digital certificate work?
- If your security is set to “medium”, the browser displays a warning message to alert you that an ActiveX component is trying to install itself
- Your browser reads the certificate, displays the name of the person or company that signed it, and verifies that the component was not altered since it was signed

27 Page 307 Section C Chapter 6 Web Page Extensions, Scripts, and Programs How does a digital certificate work?
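Slides 23 to 27 describe the pieces in words: a public key anyone can encrypt with but only the secret-key holder can decrypt, the question of whether an advertised public key is really yours, and a certificate authority answering it by signing the binding of a NAME to a Public Key so the browser can check it. The Python below is an added example (not code from the slides or the textbook) that carries all of that through with a toy RSA on tiny primes: a CA key, a shop key, a certificate issued by the CA, and a browser that verifies the certificate before sealing a session secret with the shop's public key. The primes, the names shop.example and other.example, and the way the hash is reduced into the modulus are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Added example: textbook RSA on tiny primes used to show public-key encryption,
# a CA signing a name-to-key binding, and a client verifying that binding before
# sending a secret. Primes, host names and the hash reduction are constructed.

def keygen(p, q, e):
    """Return ((n, e) public key, (n, d) private key) for distinct primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

def rsa_apply(key, m):
    """Raise m to the key's exponent modulo n; same operation for both key halves."""
    n, exponent = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exponent, n)

def digest(data, n):
    """Hash the bytes and reduce into the signer's modulus (a toy shortcut)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def to_be_signed(subject, public_key):
    """The bytes the CA vouches for: the NAME and the Public Key together."""
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(ca_private, subject, subject_public):
    """Certificate authority: bind NAME to Public Key by signing with the CA's secret key."""
    h = digest(to_be_signed(subject, subject_public), ca_private[0])
    return {"subject": subject, "public_key": subject_public,
            "signature": rsa_apply(ca_private, h)}

def verify_certificate(cert, ca_public, expected_subject):
    """Browser side: the name must match and the CA's signature must check out."""
    if cert["subject"] != expected_subject:
        return False
    h = digest(to_be_signed(cert["subject"], cert["public_key"]), ca_public[0])
    return rsa_apply(ca_public, cert["signature"]) == h

def client_hello(cert, ca_public, host, session_key):
    """Verify the certificate, then seal the session key with the site's public key."""
    if not verify_certificate(cert, ca_public, host):
        raise ValueError("certificate does not verify; refusing to send the secret")
    return rsa_apply(cert["public_key"], session_key)

def server_unseal(site_private, sealed):
    """Only the holder of the site's secret key can recover the session key."""
    return rsa_apply(site_private, sealed)

# Constructed keys: the CA on primes 101 and 113, the shop on primes 61 and 53.
CA_PUBLIC, CA_PRIVATE = keygen(101, 113, 3)
SHOP_PUBLIC, SHOP_PRIVATE = keygen(61, 53, 17)
SHOP_CERT = issue_certificate(CA_PRIVATE, "shop.example", SHOP_PUBLIC)

def run_handshake(cert=SHOP_CERT, host="shop.example"):
    """Return (session key the client chose, session key the server recovered)."""
    session_key = secrets.randbelow(SHOP_PUBLIC[0])
    sealed = client_hello(cert, CA_PUBLIC, host, session_key)
    return session_key, server_unseal(SHOP_PRIVATE, sealed)

if __name__ == "__main__":
    print(run_handshake())                                      # the two values agree
    print(verify_certificate(SHOP_CERT, CA_PUBLIC, "other.example"))   # False: wrong NAME
```

The verification step is what answers the slide's "how do I know the public key you are advertising is really yours": a key that nobody the browser trusts has signed, or a certificate whose name does not match the site being visited, fails the check and the session secret is never sent.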

28 SSL and SHTTP
- SSL:
  - A networking technology which uses public/private keys to encrypt packets going over internet wires
  - Can be used in situations other than web sessions
- SHTTP:
  - Public/private key technology used to send web pages in encrypted form
- HTTPS:
  - Only send information that you want to remain secret during an https:// session.
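The HTTPS point above, "only send information that you want to remain secret during an https:// session", can be checked mechanically on a page before anyone types into it: what matters is where each form's action sends the data, not the address bar of the page that shows the form. The Python below is an added example (not from the slides or the textbook) of such an audit. The page URL, the sample HTML and the list of sensitive field names are constructed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Added example: audit a page's forms and report any that would send a password
# or card number to a non-https:// action. Page URL, HTML and field names are
# constructed for the demo.

SENSITIVE_NAMES = {"card", "cardnumber", "ccnum", "cvv", "password", "ssn"}

class FormCollector(HTMLParser):
    """Collect each <form>'s resolved action URL and its <input> fields."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self.current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # a relative or missing action resolves against the page's own URL
            action = urljoin(self.page_url, attrs.get("action") or "")
            self.current = {"action": action, "fields": []}
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None:
            self.current["fields"].append(
                (attrs.get("name") or "", (attrs.get("type") or "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def insecure_forms(page_url, html):
    """Return [(action URL, [sensitive field names])] for every form that would
    carry a secret over anything other than https://."""
    collector = FormCollector(page_url)
    collector.feed(html)
    findings = []
    for form in collector.forms:
        sensitive = [name for name, ftype in form["fields"]
                     if ftype == "password" or name.lower() in SENSITIVE_NAMES]
        if sensitive and urlsplit(form["action"]).scheme != "https":
            findings.append((form["action"], sensitive))
    return findings

# Constructed page: a harmless search form, a card form that posts over https://,
# and a login form that posts over plain http:// even though the page is https://.
SAMPLE_PAGE = """
<form action="/search"><input name="q"></form>
<form action="https://pay.shop.example/charge">
  <input name="name"><input name="card"><input name="exp">
</form>
<form action="http://shop.example/login">
  <input name="user"><input name="pw" type="password">
</form>
"""

if __name__ == "__main__":
    for action, fields in insecure_forms("https://shop.example/checkout", SAMPLE_PAGE):
        print(f"{action} would receive {fields} unencrypted")
```

A form with no action attribute inherits the page's own URL, so the same check also catches a card form sitting on a plain http:// page.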

29 Page 313 Section D Chapter 6 E-Commerce
Can the data in the HTTP message be intercepted in transit?
- Securing your credit card number solves only half of the security problem
- SET (Secure Electronic Transaction) – security method that relies on cryptography and digital certificates to ensure that transactions are legitimate as well as secure
- Endorsed by major players in the e-commerce arena

30 Page 314-315 Section D Chapter 6 E-Commerce
Credit Card Security: How can online credit card transactions get hacked?
- Fake Storefronts – Trojan horse site
- Intercepted packets – uses packet sniffers
- Database break-ins – unauthorized access of customer databases
- Dishonest employees
- Always-on connections

31 Page 315 Section D Chapter 6 E-Commerce
What steps can I take to safeguard my credit card number?
- Only foolproof method – don’t use it
- To reduce the probability of online credit card fraud, make sure that you deal with legitimate merchants
- One-time-use credit card numbers – allow customers to make purchases while keeping their actual card numbers hidden
  - Provided by your credit card provider’s Web site

32 Last Thoughts
- Security is a multifaceted computer issue
  - There is security pertaining to your computer – without the network
  - The network adds a new layer of security issues
  - The WEB adds a new layer
- Security Protocols
  - People in the computer field try to come up with procedures that ensure computer security at different levels – hard to get right
- Security User Interfaces
  - How to get the computer user to enforce security policies on her own machine - MY RESEARCH INTEREST
