Escolar Documentos
Profissional Documentos
Cultura Documentos
PRESENTED BY
Sri Vallabh
Aida Janciragic
Sashidhar Reddy
Topics of Discussion
Internet Security
Why do we need to study security in the
internet?
Here are some reasons
Computer networks have lots of vulnerabilities and
threats
A hacker can log into my machine remotely and destroy
the information
A malicious program can wipe out data on hundreds of
computers causing huge losses
Questions to consider
What are we trying to protect?
What operations are authorized?
What is security parameter?
Principles continued
Know the configuration of the network hardware
and software
Know the vulnerabilities of the configuration
Know the threats and consider it in relation to the
vulnerabilities to asses the risk
Authenticate and authorize the accessto network
resources
Principles Continued..
Maintain audit logs
Have a plan to detect and respond to security
incidents
Ensure individual accountability
Continued
Let us discuss the five stages of development in
TwoHands Networks and consider in each stage
the problems associated with the network and the
possible remedies
Continued
Possible Countermeasures
1. Introduction of an authentication system
for each user
2. Installation of virus detection software
and configuration monitors
3. Installation of temper resistant hardware
4. Security awareness training for
authorized
users
Continued
Possible Countermeasures
1. Use a reliable web server package
2. Keep abreast of the advisories provided
by CERT(Computer Emergency
Response Team), FIRST(Forum of
Incident Response Teams)
3. Proper maintenance of web server
Continued
Possible Countermeasures
1. Using a secure web server like HTTP
2. Double checking the CGI scripts
3. Customer authentication
Continued
Possible Countermeasures
1. Proper firewall configuration
2. Vigilant management of firewall and the
website
3. Provide proper awareness of security to
the internal users
Continued
Possible Countermeasures
1. Using proper encryption methodology
2. Avoid same company as ISP all the sites
Vulnerabilities
Network
Sniffing
War Dialing
Protocol
Data-link-layer security
Network-layer security
Transport-layer security
IP origin forgery
Asymmetric
RSA
DES
RSA
Authentication
Cryptographic Hash Functions
MAC (Message Authentication Code)
Digital Signatures
IP Security Scenario
Ticket
Granting
Service
Client
Server
Intrusion Detection
Network Based
Network Security Monitor, Network
IDS, Net Ranger, Tripwire etc
Host Based
Probes of host ports, password guessing
etc
Firewall
Firewall : a method used to prevent unauthorized
access to a private network
Internet
Internet
Trust
Types of Firewalls
SOCKS
Firewall
Protected
Network
Socksified
user app asks
SOCKS daemon for
circuit
Internet
SOCKS daemon
on firewall parses
request, checks
access control
rules, and makes
connection (proxy);
copy data back in through
firewall.
Target of
communication
sends information
back through SOCKS
daemon, which routes it
to the user desktop.