E-Commerce Network Security and Firewall

1. Client server security (password protection, encrypted smart cards, biometric systems and firewalls)
2. Data and transaction security (data encryption)

Problems leading to client server network security threats:
- Physical security holes (unauthorized access, hackers gain the password)
- Software security holes (bad program, sendmail hole)

Security through obscurity: Hiding passwords in binary files or in scripts with the assumption that .

Password schemes: using a mixed password or changing it every day.

Biometric systems: fingerprints, palm prints, retinal patterns, signature verification and voice recognition.

Client server network security

A security threat emerging in the electronic commerce world is mobile code (virus threat). Threats are divided into two categories:
1. Threats to the local computing environment from mobile software.
2. Access control and threats to servers that include impersonation, packet replay and modification.

Ex: hackers have potential access to a large number of systems. Hackers can use popular Unix programs to discover account details.
Firewall and network security

[Fig: firewall secured internet connection. Labels: Internet, firewall, enterprise LAN or WAN, corporate network. Firewall bypass should not be allowed.]

Firewall: a method of placing a device (a computer or router) between the network and the Internet to control and monitor all traffic between the outside world and the local network.

Firewall functions:
- Filtering
- Inspection
- Detection
- Logging
- Alerting

A firewall is used in the following traffic routing: IP packet screening routers (proxy application gateway, hardened firewall hosts).

IP packet screening routers: a static traffic routing service placed between the network service provider's router and the internal network. The firewall router filters incoming packets to permit or deny IP packets based on several screening rules. It contains two techniques:
- Proxy application gateway
- Hardened firewall hosts

[Fig: secured firewall with IP packet screening routers]

Advantages
- Properly configured routers can plug many security holes.

Disadvantages
- Difficult to specify screening rules.
- If router is circumvented by a hacker.

Proxy application gateway: a special server that typically runs on the firewall machine. Its primary use is to access the WWW from within the secured perimeter.

[Fig: clients inside the firewall (secured subnet inside the firewall security perimeter) reach a proxy server on the firewall machine, which connects to the external Internet: Web HTTP server, FTP server, Usenet news server, Telnet server and Gopher server on the public Internet. Network protocols: NNTP, Telnet, Gopher, FTP, HTTP.]

Advantages
- Allows clients to ignore the complex networking code which is necessary to support every firewall protocol.
- Single web client with proxy server.
- Proxies manage IP addresses.
- Limiting dangerous subsets of HTTP.
- Enforcing client/server access to designated hosts.
- Implementing access control.
- Checking various protocols for well-formed commands.
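The screening-rule behaviour described above for IP packet screening routers, and why such rules are difficult to specify, shown as an added example that is not part of the original presentation: a first-match filter with default deny, plus a check for rules hidden by earlier ones. The Rule fields, both rule sets and all addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any

# Constructed addresses (RFC 5737 documentation ranges), not from the page.
ANY, INSIDE = "0.0.0.0/0", "198.51.100.0/24"
DMZ, WEB = "192.0.2.0/24", "192.0.2.10/32"

RULES = [
    Rule("deny", INSIDE, ANY, "any", None),  # inside source seen on the outside link: spoofed
    Rule("permit", ANY, WEB, "tcp", 80),
    Rule("permit", ANY, WEB, "tcp", 443),
]
# Same intent written in the wrong order: the broad permit hides the telnet deny.
MISORDERED = [
    Rule("permit", ANY, DMZ, "tcp", None),
    Rule("deny", ANY, WEB, "tcp", 23),
]

def _net(cidr):
    return ipaddress.ip_network(cidr)

def screen(rules, src, dst, proto, dport):
    """First matching rule decides; a packet that matches nothing is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if (s in _net(r.src) and d in _net(r.dst)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return r.action, i
    return "deny", None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                hidden.append(j)
                break
    return hidden

if __name__ == "__main__":
    print(screen(RULES, "203.0.113.7", "192.0.2.10", "tcp", 443))
    print(shadowed(MISORDERED))
```

Running `shadowed()` over a rule set before loading it catches ordering mistakes that would otherwise surface only as unexpected permits in the traffic logs.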
Hardened firewall hosts: a stripped-down machine that has been configured for increased security. Its primary use is connecting inside/outside users to trusted applications on the firewall machine.

Steps:
- Remove all user accounts except those for necessary operations.
- Remove all non-crucial files.
- Extend traffic logging and monitoring to check remote access.
- Centralized and simplified network service management.

Security policies and firewall management: The firewall method of protection spans a continuum between ease of use and paranoid security.

Data and message security

Transaction security issues are divided into data security and message security.

Data security: it is important when people are considering banking and financial transactions by PC. The major threat to data security is packet sniffing (unauthorized network monitoring). Sniffers use the network traffic, e.g. Telnet, FTP and rlogin sessions, through which they gain information like usernames and passwords.

Message security: threats to message security fall into three categories.

Message confidentiality: needed for sensitive data such as credit card numbers, employee records, government files, etc. The environment must protect all message traffic (after delivery, the message should be removed from the environment). Distributed and wireless networks make data communication vulnerable.

Message and system integrity: concerns unauthorized combining of messages, either by intermixing or concatenation. Error detection codes, checksums, sequence numbers and encryption techniques are the methods of integrity.

Message sender authentication or identification: verifies the identity of a user using certain encrypted information transferred from sender to receiver.
Types of encryption methods

- Secret-key cryptography
- DES
- Public key cryptography
- RSA and public key cryptography
- Mixing RSA and DES
- Digital public key certificates
- Clipper chip
- Digital signatures (DSS)

Secret-key cryptography: encrypted by the transmitter and decrypted by the receiver. Example: user A encrypts with a set secret key and sends email to B; B checks the header to identify it and unlocks his e-key storing area. Sender and receiver should agree on the encryption.

DES (Data Encryption Standard): a widely adopted implementation of secret key cryptography uses DES. It operates on 6.

Public key cryptography: it involves a pair of keys, a private key and a public key. Encrypted by private key and decrypted by public key. The private key keeps the message secret.

RSA is predicated by product of two numbers greater than 2 5.

Together, the DES encrypted message and RSA encrypted DES key are sent. This protocol is known as an RSA digital envelope.
- RSA: secret key exchange, the digital signature.
- DES: encrypts the message.

Digital public key certificates: a data structure, digitally signed by a certification authority, that binds a private key value to the identity of the entity holding the corresponding private key. The latter entity is known as the subject of the certificate.

Clipper chip: it was designed to balance the competing concerns of federal law enforcement agencies with those of private citizens and industry.

Digital signatures: they consist of two parts: a method of signing a document such that forgery is infeasible, and a method of verifying that a signature was actually generated by whomever it represents.
Challenge response system

It uses the following authentication methods:

Token or smart card authentication: it computes a password or encryption key and furnishes it directly to the computer for the logon procedure when a user wants

Third party authentication: Consider the Kerberos case study, the popular third-party authentication protocol. In this encryption-based system, the session key is issued to a third party who is authorized for the encryption. He should perform under some conditions, like maintaining confidentiality and taking part in legal issues.

Encrypted documents and E-mail

Most email messages you send travel vast distances over many networks, secure and insecure, monitored and unmonitored, passing through and making copies of themselves on servers all over the Internet. In short, pretty much anyone with access to any of those servers - or sniffing packets anywhere along the way - can read your email messages sent in plain text.

There are two confidential sender authentication methods:

1. PGP (Pretty Good Privacy): it is free software developed by Philip . Email encryption is easy, free and offers strong protection against prying eyes.

How PGP email encryption works

Consider this scenario. Sam wants to send Jane a secret email love letter that he doesn't want Joe, Jane's jealous downstairs neighbor who piggybacks her wifi, to see. Jane uses PGP, which means she has a PUBLIC key (which is basically a bunch of letters and numbers) which she's published on her web site for anyone who wants to send her encrypted email messages to use. Jane's also got a PRIVATE key which no one else - including Joe the Jealous Wifi Piggybacker - has. So Sam looks up Jane's public key. He composes his ardent profession of love, encrypts it with that public key, and sends Jane his message. In sending, copies of that message are made on Sam's email server and Jane's email server - but that message looks like a bunch of garbled nonsense.
Joe the Jealous Wifi Piggybacker shakes his fist in frustration when he sniffs Jane's email for any hint of a chance between them. He can't read Sam's missive. However, when Jane receives the message in Thunderbird, her private key decrypts it. When it does, she can read all about Sam's true feelings in (pretty good) privacy.

2. PEM (Privacy Enhanced Mail): There is increasing interest at Rutgers in using email to transmit private information, and to be able to verify the validity of email. This document will describe use of the Internet standards for Privacy Enhanced Mail.

The facilities described here:
- Are reasonably easy to use, although the first time you use privacy enhanced mail, you'll have some setup to do.
- Allow you to send documents in .

This document has three primary sections:
- Creating and loading a certificate. This describes what you have to do in order to use privacy-enhanced mail. You have to do this process once a year.
- Using privacy enhanced mail. This describes how to send and receive privacy-enhanced mail using Microsoft Outlook, Mozilla software (particularly Thunderbird), and Macintosh Mail.
- How secure is privacy-enhanced mail?

US Government regulations encryption

The US Govt has been disclosed, to grant export license for encryption products stronger than some basic level. Under regulation, cryptography first submits a request to the State Department's Defense Trade Control office.