• Save
E Commerce security
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

E Commerce security

on

  • 3,983 views

It describes various threats faced by e-commerce and the ways to deal with them.

It describes various threats faced by e-commerce and the ways to deal with them.

Statistics

Views

Total Views
3,983
Views on SlideShare
3,976
Embed Views
7

Actions

Likes
1
Downloads
0
Comments
0

2 Embeds 7

http://mangastorytelling.tistory.com 6
http://www.hanrss.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

E Commerce security Document Transcript

  • 1. E-Commerce Security Challenges to Security  Internet was never designed with security in mind.  Many companies fail to take adequate measures to protect their internal systems from attacks.  Security precautions are expensive {firewalls, secure web servers, encryption mechanisms}.  Security is difficult to achieve. Two Major Developments During the Past Decade: 1. Widespread Computerization 2. Growing Networking and Internetworking The Internet  Need for Automated Tools for Protecting Files and Other Information.  Network and Internetwork Security refer to measures needed to protect data during its transmission from one computer to another in a network or from one network to another in an internetwork.  Network security is complex. Some reasons are:  Requirements for security services are:  Confidentiality  Authentication  Integrity  Key Management is difficult.  Creation, Distribution, and Protection of Key information calls for the need for secure services, the same services that they are trying to provide. Security Issues Security concerns generally include the following issues: • Confidentiality: – – Ensuring that information in the network remains private. – • Knowing who can read data. This is done via encryption. Identification and Authentication: – • Making sure that message sender or principal are authentic. Availability – System resources are safeguarded from tampering and are available for authorized users at the time and in the format needed Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 2. • Integrity: – • Access Control: – • Ensuring that principal cannot deny that they sent the message. Privacy – • Restricting the use of resources to authorized principals. Nonrepudiation: – • Making sure that information is not accidental or maliciously altered or corrupted in transit. Individual rights to nondisclosure Firewalls: – A filter between corporate network and the Internet to secure corporate information and files from intruders but allowing access to authorized principals. Threats and Attacks  Unauthorized access  Loss of message confidentiality or integrity  User Identification  Access Control  The bigger the system, the safer it is  MVS mainframe users (5%)  UNIX users (25%)  Desktop(windows) users (50%)  nontechnical attack An attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network  social engineering A type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that compromises a computer or network • Fraud: – – • Resulting in direct financial loss. Funds might be transferred from one account to another, or financial records might simply be destroyed. Theft: – Theft of confidential, proprietary, technological, or marketing information belonging to the firm or to the customer. Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 3. – • Disruption: – • An intruder may disclose such information to a third party, resulting in damage to a key customer, a client, or the firm itself. Disruption of service resulting in major losses to business or inconvenience to the customer. Fear that credit card information will be stolen deters online purchases Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity One solution: New identity verification mechanisms  technical attack An attack perpetrated using software and systems knowledge or expertise  time-to-exploitation  The elapsed time between when a vulnerability is discovered and the time it is exploited  SpywareGuideA public reference site for spyware  zero-day incidents Attacks through previously unknown weaknesses in their computer networks  denial of service (DOS) attack An attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources  Web server and Web page hijacking  botnet A huge number (e.g., hundreds of thousands) of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet  malware A generic term for malicious software  virus A piece of software code that inserts itself into a host, including the operating systems, in order to propagate; it requires that its host program be run to activate it  worm A software program that runs independently, consuming the resources of its host in order to maintain itself, that is capable of propagating a complete working version of itself onto another machine  macro virus (macro worm) Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 4. A virus or worm that executes when the application object that contains the macro is opened or a particular procedure is executed  Trojan horse A program that appears to have a useful function but that contains a hidden function that presents a security risk  Trojan-Phisher-Rebery A new variant of a Trojan program that stole tens of thousands of stolen identities from 125 countries that the victims believed were collected by a legitimate company  banking Trojan A Trojan that comes to life when computer owners visit one of a number of online banking or e-commerce sites  rootkit A special Trojan horse program that modifies existing operating system software so that an intruder can hide the presence of the Trojan program • Bad applets (malicious mobile code)– • malicious Java applets or ActiveX controls that may be downloaded onto client and activated merely by surfing to a Web site Zombied PC’s - A zombie computer (often shortened as zombie) is a computer connected to the Internet that has been compromised by a hacker, computer virus or Trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies. • Phishing - is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. – – • Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Sniffing: – • type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network Spoofing: – Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else Encryption The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it  plaintext An unencrypted message in human-readable form Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 5.  ciphertext  A plaintext message after it has been encrypted into a machine-readable form  encryption algorithm The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa In cryptography, encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.[1]:374 In anencryption scheme, the message or information (referred to as plaintext) is encrypted using an encryption algorithm, turning it into an unreadable ciphertext (ibid.). This is usually done with the use of an encryption key, which specifies how the message is to be encoded. Any adversary that can see the ciphertext should not be able to determine anything about the original message. An authorized party, however, is able to decode the ciphertext using a decryption algorithm, that usually requires a secret decryption key, that adversaries do not have access to. For technical reasons, an encryption scheme usually needs a key-generation algorithm to randomly produce keys. Types of Encryption Algorithms  Symmetric  DES ( Digital Encryption Standard)  Asymmetric ( Public Key Cryptography)  RSA (Rivest Shamir Adleman) There are two basic types of encryption schemes: Symmetric-key and public-key encryption.[1]:375-376 In symmetric-key schemes, the encryption and decryption keys are the same. Thus communicating parties must agree on a secret key before they wish to communicate. In public-key schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key and is capable of reading the encrypted messages.[2] Public-key encryption is a relatively recent invention: historically, all encryption schemes have been symmetrickey (also called private-key) schemes.[1]:4 Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 6. Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries).[2]More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries[3] and which are related to various aspects in information security such as data confidentiality, data integrity, authentication, and nonrepudiation.[4] Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons to do the same The modern field of cryptography can be divided into several areas of study Types of Cryptography There are two main types of cryptography:  Secret key cryptography  Public key cryptography In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information. Secret key cryptography is also known as symmetric key cryptography. With this type of cryptography, both the sender and the receiver know the same secret code, called the key. Messages are encrypted by the sender using the key and decrypted by the receiver using the same key. Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976. This method works well if you are communicating with only a limited number of people, but it becomes impractical to exchange secret keys with large numbers of people. In addition, there is also the problem of how you communicate the secret key securely. Public key cryptography, also called asymmetric encryption, uses a pair of keys for encryption and decryption. With public key cryptography, keys work in pairs of matched public and private keys. The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Because these keys work only as a pair, encryption initiated with the public key can be decrypted only with the corresponding private key. The following example illustrates how public key cryptography works:  Ann wants to communicate secretly with Bill. Ann encrypts her message using Bill’s public key (which Bill made available to everyone) and Ann sends the scrambled message to Bill.  When Bill receives the message, he uses his private key to unscramble the message so that he can read it. Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 7.  When Bill sends a reply to Ann, he scrambles the message using Ann’s public key.  When Ann receives Bill’s reply, she uses her private key to unscramble his message. The major advantage asymmetric encryption offers over symmetric key cryptography is that senders and receivers do not have to communicate keys up front. Provided the private key is kept secret, confidential communication is possible using the public keys. Cryptanalysis The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus permitting its subversion or evasion PUBLIC KEY AND PRIVATE KEY Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions by itself. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages. here are three primary kinds of public key systems: public key distribution systems digital signature systems public key cryptosystems( which can perform both public key distribution and digital signature services) How it works The distinguishing technique used in public-key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys – a public encryption key and a private decryption key. The publicly available encrypting-key is widely distributed, while the private decrypting-key is known only to its proprietor. The keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is either impossible or prohibitively expensive. Because the key pair is Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 8. mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa. For example, if Bob wants to send sensitive data to Alice, and wants to be sure that only Alice may be able to read it, he will encrypt the data with Alice's Public Key. Only Alice has access to her corresponding Private Key and as a result is the only person with the capability of decrypting the encrypted data back into its original form. As only Alice has access to her Private Key, it is possible that only Alice can decrypt the encrypted data. Even if someone else gains access to the encrypted data, it will remain confidential as they should not have access to Alice's Private Key. DIGITAL SIGNATURE A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. Digital signatures employ a type of asymmetric cryptography. For messages sent through a nonsecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. PROCESS Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 9. Uses of digital signatures Authentication For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake. Integrity If a message is digitally signed, any change in the message after signature will invalidate the signature. Non-repudiation By this property, an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature. Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 10. DIGITAL CERTIFICATE In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document that uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.  Issued by trusted third parties known as Certificate Authorities (CAs)  Used to authenticate an individual or an organization  Digital Certificates are usually given for a period of one year  They can be revoked  It is given at various security levels.  Digital Certificates can be issued by any one as long as there are people willing to believe them.  Digital Certificates are part of the authentication mechanism. The other part is Digital Signature.  For ex.digital certificates in mobile applications Contents of a typical digital certificate Serial Number: Used to uniquely identify the certificate. Subject: The person, or entity identified. Signature Algorithm: The algorithm used to create the signature. Signature: The actual signature to verify that it came from the issuer. Issuer: The entity that verified the information and issued the certificate. Valid-From: The date the certificate is first valid from. Valid-To: The expiration date. Key-Usage: Purpose of the public key (e.g. encipherment, signature, certificate signing...). Public Key: The public key. Thumbprint Algorithm: The algorithm used to hash the public key certificate. Thumbprint: The hash itself, used as an abbreviated form of the public key certificate. Difference between digital certificate and digital signature A digital signature is used to verify a message's authenticity. It is basically an encrypted hash of the message (message digest). The recipient can check if the message was tampered with by hashing the received message and comparing this value with the decrypted signature. To decrypt the signature, the corresponding public key is required. A digital certificate is used to bind public keys to persons or other entities. If there were no certificates, the signature could be easily be forged, as the recipient could not check if the public key belongs to the sender. Thus, digital certificate is used to verify public key's authenticity. Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 11. The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.[1] HTTP is the foundation of data communication for the World Wide Web. Hypertext is a multi-linear set of objects, building a network by using logical links (the so-called hyperlinks) between the nodes (e.g. text or words). HTTP is the protocol to exchange or transfer hypertext. HTTP Secure Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. In its popular deployment on the internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication.[1] In practice, this provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with (as opposed to an imposter), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party. • It is a protocol used to secure web transactions • HTTP is a request response communication mechanism between a web browser and a web server. • Do not confuse between the two- HTTPS and S-HTTP • Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. • HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. • HTTPS and S-HTTP were both defined in the mid-1990s to address this need. Netscape and Microsoft supported HTTPS rather than S-HTTP, leading to HTTPS becoming the de facto standard mechanism for securing web communications. • It provides: • Confidentiality • Authenticity • Integrity • Ensures nonrepudiation • It is more robust that SSL • But is not widely popular because of Netscape market penetration. • It is compatible with HTTP and can integrate with HTTP applications. • It allows client machine and server machine to communicate easily through encrypted data exchange over Internet Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 12. • It supports only symmetric key cryptography and does not require digital certificates or public key. • As it operates on application layer, it provides user authentication and is capable of securing only parts of documents. Difference from HTTP HTTPS URLs begin with "https://" and use port 443 by default, whereas HTTP URLs begin with "http://" and use port 80 by default. HTTP is insecure and is subject to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information. HTTPS is designed to withstand such attacks and is considered secure against such attacks (with the exception of older deprecated versions of SSL). HTTPS is typically slower than HTTP. When large amounts of data are processing over a port performance differences become evident.  Secure Socket Layer (SSL) The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers as well and became the de facto standard until evolving into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate. Protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. • It is a key protocol for secure Web transactions. • Secures data packets at the network layer. • Originally it was developed by Netscape. • Now it is widely used as a standard for encrypting data on the Internet. • It is used by all Netscape’s browser products and Microsoft Internet Explorer 3.0 or higher versions. • One requirement for using SSL is that both merchant’s web server and customer’s web browser must use the same security system. • Advantage of this protocol is that as it is used by all URLs beginning with http, no problem arise in interfacing online. • It provides three basic services: • Server authentication • Client authentication • Encrypted SSL connection Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 13. • SSL server authentication uses public key cryptography to validate the server’s digital signature. • Similarly public key cryptography is used to validate client’s machine. • It allows client and server to select an encryption algorithm for secure connection. • The key to this algorithm is transmitted using public key cryptography. • Communication is performed using secret key.  FIREWALLS  firewall A single point between two or more networks where all traffic must pass (choke point); the device authenticates, controls, and logs all traffic. In computing, a firewall is software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a rule set. A network's firewall builds a bridge between the internal network or computer it protects, upon securing that the other network is secure and trusted, usually an external (inter)network, such as the Internet, that is not assumed to be secure and trusted.[1] Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions  Firewalls can be designed to protect against:  Remote login  Application backdoors  SMTP session hijacking  Macros  Viruses  Spam There are different types of firewalls depending on where the communication is taking place Network layer or packet filters Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set Application-layer Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 14. Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender). On inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and trojans. The additional inspection criteria can add extra latency to the forwarding of packets to their destination. Proxies A proxy server (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user Network address translation Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range", as defined in RFC 1918. Firewalls often have such functionality to hide the true address of protected hosts  personal firewall A network node designed to protect an individual user’s desktop system from the public network by monitoring all the traffic that passes through the computer’s network interface card A personal firewall differs from a conventional firewall in terms of scale. A personal firewall will usually protect only the computer on which it is installed, as compared to a conventional firewall which is normally installed on a designated interface between two or more networks, such as a router or proxy server. Hence, personal firewalls allow a security policy to be defined for individual computers, whereas a conventional firewall controls the policy between the networks that it connects. Features Common personal firewall features:  Protects the user from unwanted incoming connection attempts  Allows the user to control which programs can and cannot access the local network and/or Internet and provide the user with information about an application that makes a connection attempt  Block or alert the user about outgoing connection attempts  Hide the computer from port scans by not responding to unsolicited network traffic  Monitor applications that are listening for incoming connections  Monitor and regulate all incoming and outgoing Internet users  Prevent unwanted network traffic from locally installed applications  Provide information about the destination server with which an application is attempting to communicate Limitations  If the system has been compromised by malware, spyware or similar software, these programs can also manipulate the firewall, because both are running on the same system. It may be possible to bypass or even completely shut down software firewalls in such a manner.  The alerts generated can possibly desensitize users to alerts by warning the user of actions that may not be malicious.  Software firewalls that interface with the operating system or with other firewalls or security software at the kernel mode level may potentially cause instability and/or introduce security flaws Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 15. Intrusion detection system An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.[1] IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content. All Intrusion Detection Systems use one of two detection techniques: Statistical anomaly-based IDS A statistical anomaly-based IDS determines normal network activity like what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other- and alert the administrator or user when traffic is detected which is anomalous(not normal). Signature-based IDS Signature based IDS monitors packets in the Network and compares with pre-configured and pre-determined attack patterns known as signatures. Limitations  Noise can severely limit an Intrusion detection system's effectiveness. Bad packets generated from software bugs, corrupt DNS data, and local packets that escaped can create a significantly high false-alarm rate.[5]  It is not uncommon for the number of real attacks to be far below the false-alarm rate. Real attacks are often so far below the false-alarm rate that they are often missed and ignored.[5]  Many attacks are geared for specific versions of software that are usually outdated. A constantly changing library of signatures is needed to mitigate threats. Outdated signature databases can leave the IDS vulnerable to new strategies.[5] Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 16.  For signature-based IDSs there will be lag between the new threat discovered and signature being applied in IDS for detecting the threat. During this lag time the IDS will be unable to identify the threat Virtual private network (VPN) A network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network. A virtual private network (VPN) extends a private network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if they were an integral part of the private network with all the functionality, security and management policies of the private network.[1] This is done by establishing a virtual point-to-pointconnection through the use of dedicated connections, encryption, or a combination of the two. The VPN connection across the Internet is technically a wide area network (WAN) link between the sites. From a user perspective, the extended network resources are accessed in the same way as resources available from the private network—hence the name "virtual private network Security mechanisms To prevent disclosure of private information, VPNs typically allow only authenticated remote access and make use of encryption techniques. VPNs provide security by the use of tunneling protocols and through security procedures[7] such as encryption. The VPN security model provides:  confidentiality such that even if the network traffic is sniffed at the packet level (see network sniffer and Deep packet inspection), an attacker would only see encrypted data  sender authentication to prevent unauthorized users from accessing the VPN.  message integrity to detect any instances of tampering with transmitted messages Public-key infrastructure Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 17. A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.[1] In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The third-party Validation Authority (VA) can provide this information on behalf of CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation Public-key cryptography is a cryptographic technique that enables users to securely communicate on an insecure public network, and reliably verify the identity of a user via digital signatures.[2] A public-key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository, and revokes them if needed.[3][4][5] A PKI consists of:[4][6][7]  A certificate authority (CA) that both issues and verifies the digital certificates.  A registration authority which verifies the identity of users requesting information from the CA  A central directory—i.e. a secure location in which to store and index keys.  A certificate management system[clarification needed]  A certificate policy Broadly speaking, there are three approaches to getting this trust: certificate authorities (CAs), web of trust (WoT), and simple public-key infrastructure (SPKI). Advantages  Improving business processes by enabling time optimization, managing errors and reducing costs.  Improving client and user satisfaction, enabling communications from anywhere and at any time.  The Administration must specially assure its procedures, which means that the security mechanisms used should offer a high trust level.  Electronic Administration significantly improves citizen service levels, thus increasing citizen satisfaction. One of the key benefits of PKI technology is the business process optimization, guaranteeing the security of electronic data and eliminating physical paper needs. Here are some examples: Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 18.  In the health sector scenario, data access control and data protection are essential for supplying information concerning a patient’s health record, which is confidential. Electronic signatures will also be applied to electronic prescriptions, improving the security of the current prescription system and optimizing the process.  In the banking scenario, digital certificates are required to control clients’ access to their banking accounts and to digitally sign transaction orders. In this scenario, secure validation of the digital certificate prior to accepting the transaction will be increasingly important the greater the transactional sum.  In the defence sector, data confidentiality and authenticity is particularly important. Stored data, e-mail messages and communications are encrypted with strong encryption algorithms and keys. a. What is firewall? What is the purpose of firewall? How do we implement firewall? What are the various types of firewall? Ans. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. A firewall can be used to deny access to a specific host or a specific service in the organization. A firewall is usually classified as a packet-filter firewall or a proxy-based firewall. A firewall is a security device that can be a software program or a dedicated network appliance. The main purpose of a firewall is to separate a secure area from a less secure area and to control communications between the two. Firewalls can perform a variety of other functions, but are chiefly responsible for controlling inbound and outbound communications on anything from a single machine to an entire network. Types of Firewall: 1. Packet-Filter Firewall a. A firewall can be used as a packet filter. b. It can forward or block packets based on the information in the network layer and transport layer headers. c. A packet-filter firewall is a router that uses a filtering table to decide which packets must be discarded (not forwarded). d. A packet filter firewall filters at the network or transport layer. 2. Proxy Firewall a. Sometimes we need to filter a message based on the information available in the message itself (at the application layer). E.g. Organization allowing access only to customers having business relations. a. In this case testing must be done at the application level (using URLs). Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 19. b. One solution is to install a proxy computer (sometimes called an application gateway),which stands between the customer (user client) computer and the corporation computer. c. A proxy firewall filters at the application layer. Conceptually, the usage of firewalls at: 1. Network layer 2. Application layer They are not as different as you might think, and latest technologies are blurring the distinction to the point where it's no longer clear if either one is ``better'' or ``worse.'' As always, you need to be careful to pick the type that meets your needs. This is which depends on what mechanisms the firewall uses to pass traffic from one security zone to another. The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that ``higher-level'' layers depend on. In order from the bottom, these layers are physical, data link, network, transport, session, presentation, application. The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform. Generally speaking, lower-level firewalls are faster, but are easier to fool into doing the wrong thing. 3.2.1 Network layer firewalls These generally make their decisions based on the source, destination addresses and ports (see Appendix C for a more detailed discussion of ports) in individual IP packets. A simple router is the ``traditional'' network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. One thing that's an important distinction about many network layer firewalls is that they route traffic directly though them, so to use one you either need to have a validly assigned IP address block or to use a ``private internet'' address block [3]. Network layer firewalls tend to be very fast and tend to be very transparent to users. Figure 1: Screened Host Firewall Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 20. In Figure 1, a network layer firewall called a ``screened host firewall'' is represented. In a screened host firewall, access to and from a single host is controlled by means of a router operating at a network layer. The single host is a bastion host; a highlydefended and secured strong-point that (hopefully) can resist attack. Figure 2: Screened Subnet Firewall Example Network layer firewall : In figure 2, a network layer firewall called a ``screened subnet firewall'' is represented. In a screened subnet firewall, access to and from a whole network is controlled by means of a router operating at a network layer. It is similar to a screened host, except that it is, effectively, a network of screened hosts. 3.2.2 Application layer firewalls These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one ``side'' and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way in some cases may impact performance and may make the firewall less transparent. Early application layer firewalls such as those built using the TIS firewall toolkit, are not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls. Figure 3: Dual Homed Gateway Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 21. Example Application layer firewall : In figure 3, an application layer firewall called a ``dual homed gateway'' is represented. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it. The Future of firewalls lies someplace between network layer firewalls and application layer firewalls. It is likely that network layer firewalls will become increasingly ``aware'' of the information going through them, and application layer firewalls will become increasingly ``low level'' and transparent. The end result will be a fast packet-screening system that logs and audits data as it passes through. Increasingly, firewalls (network and application layer) incorporate encryption so that they may protect traffic passing between them over the Internet. Firewalls with end-to-end encryption can be used by organizations with multiple points of Internet connectivity to use the Internet as a ``private backbone'' without worrying about their data or passwords being sniffed. b. Why do we need VPN even if there are other options provided such as “setting up own network” or “opting for lease lines”. Explain with reasons. VPN is a group of computers (or discrete networks) networked together through over a public network—namely, the internet. Businesses use VPNs to connect remote datacenters, and individuals can use VPNs to get access to network resources when they're not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they're using an un-trusted public network. Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com
  • 22. When you connect to a VPN, you usually launch a VPN client on your computer (or click a link on a special website), log in with your credentials, and your computer exchanges trusted keys with a far away server. Once both computers have verified each other as authentic, all of your internet communication is encrypted and secured from eavesdropping. The most important thing you need to know about a VPN: It secures your computer's internet connection to guarantee that all of the data you're sending and receiving is encrypted and secured from prying eyes. Whether the VPNs you're familiar with are the ones offered by your school or business to help you work or stay connected when you're traveling or the ones you pay to get you watch your favorite shows in another country as they air, they're all doing the same thing. Benefits for using VPN: A VPN alone is just a way to bolster your security and access resources on a network that are not physically connected to. VPN users fall into a few separate categories:  The student/worker. This person has responsibilities to attend to, and uses a VPN provided by their school or company to access resources on their network when they're at home or traveling. In most cases, this person already has a free VPN service provided to them, so they're not exactly shopping around. Also, if they're worried about security, they can always fire up their VPN when using airport or cafe WI-Fi to ensure no one's snooping on their connection  The downloader. Whether they're downloading legally or illegally, this person doesn't want on some company's witch-hunt list just because they have a torrent application installed on their computer. VPNs are the only way to stay safe when using something like BitTorrent  The privacy minded and security advocate. Whether they're a in a strictly monitored environment or a completely free and open one, this person uses VPN services to keep their communications secure and encrypted and away from prying eyes whether they're at home or abroad. To them, unsecured connections mean someone's reading what you say.  The globetrotter. The person wants to check out their favorite TV shows as they air instead of waiting for translations or re-broadcasts (or watch the versions aired in other countries,) listen to location-restricted streaming internet radio, or want to use a new web service or application that looks great but for some reason is limited to a specific country or region.  Some combination of the above. Odds are, even if you're not one of these people more often than not, you're some mix of them depending on what you're doing. In all of these cases, a VPN service can be helpful, whether it's just a matter of protecting yourself when you're out and about, whether you handle sensitive data for your job and don't want to get fired, or you're just covering your own ass from the MPAA. Made by: Mayank Kashyap Email: mayank_kashyap@ymail.com