The Internet Architecture Board (IAB) supervises the technical development of the internet. Originally founded by the US Department of Defense, it was later named the IAB and placed under the Internet Society (ISOC), an international organization that promotes internet usage. ISOC has over 100 organizational and 28,000 individual members in over 80 chapters worldwide.
ITFT - Web security
1. The Internet Architecture Board
The Internet Architecture Board (IAB) is the
committee responsible for supervising the technical
and engineering development of the internet. The
IAB committee is appointed by the Internet Society
(ISOC), which is an international organization whose
mission is to encourage Internet usage. The Internet
Society has more than 100 organizational and more
than 28,000 individual members in over 80 chapters
around the world.
2. Originally, the IAB was founded by the United States
Department of Defense's Defense Advanced
Research Projects Agency, which is responsible for
the development of new technology for use by the
US military. In 1979, it was named the Internet
Configuration Control Board. Its name was
changed to the Internet Advisory Board in 1984 and
the Internet Activities Board in 1986. In January 1992,
it became the Internet Architecture Board under
ISOC.
4. Web Security
Web security is required to protect websites from
unauthorized access, information disclosure and data
theft. Security on the web can be ensured using the
following mechanisms:
5. Encryption:
• It is the process of translating data into a secret code
that cannot be easily understood by unauthorized
people. Encryption is the best technique for achieving
data security. A secret key or password is needed to read
encrypted data. Unencrypted data is referred to as plain
text, while encrypted data is called cipher text.
There are two types of encryption:
• Asymmetric encryption, or public-key encryption
• Symmetric encryption
6. Asymmetric Encryption
• This type of encryption makes use of two keys: a private
key and a public key. The private key, also known as the
secret key, is available only to the recipient of the data,
whereas the public key is known to all.
• For instance, when Robert wants to send a message to
Jane, he uses Jane’s public key to encrypt the message.
Jane then uses her private key to decrypt the message.
In asymmetric encryption, the public and private keys
are related in such a way that only the public key can be
used to encrypt messages and only the corresponding
private key can be used to decrypt them.
7. Asymmetric
• To use asymmetric encryption, there must be a
way for people to discover other people's public keys. The
typical technique is to use digital certificates (also
known simply as certificates). A certificate is a
package of information that identifies a user or a
server, and contains information such as the
organization name, the organization that issued
the certificate, the user's e-mail address and
country, and the user's public key.
9. Symmetric Encryption
• It is a type of encryption where the same key is
used to encrypt and decrypt the data. The
sender of the information encrypts the data
using the shared key and the receiver decrypts
the information using the same key.
11. Secure Sockets Layer (SSL)
Netscape developed this protocol to transmit
private data through the web. Data is encrypted
in SSL with the use of two keys, a private key and
a public key.
Secure HTTP: It is a protocol for transmitting data
securely over the World Wide Web. S-HTTP and
SSL complement each other in transmitting
information securely. SSL creates a connection
between the client and a server, over which any
amount of data can be sent securely.
12. Secure HTTP
• Another protocol for transmitting data securely over
the World Wide Web is Secure HTTP (S-HTTP).
Whereas SSL creates a secure connection between a
client and a server, over which any amount of data
can be sent securely, S-HTTP is designed to transmit
individual messages securely. SSL and S-HTTP,
therefore, can be seen as complementary rather than
competing technologies.
• Both protocols have been approved by the Internet
Engineering Task Force (IETF) as a standard.
13. Firewall
• Firewalls are often used to prevent unauthorized
users on the web from accessing private networks.
• Private networks are used and maintained by
companies to exchange business information. All
messages that enter or leave the private network go
through the firewall. Each message is examined by
the firewall, and those that do not meet the
specified security criteria are blocked.
15. Security of the Web servers
Web servers can be protected from the risks that
affect information security through good security
practices. The following practices can be adopted
to secure web servers:
• Remove all unnecessary services from your web
server, because an unnecessary service can become
an avenue for unauthorized access.
• Remote server administration should be
avoided unless it is done using a secured
connection or password.
16. Cont…
• The number of individuals who access the web
server should be limited.
• All server updates should be done through the
intranet.
• Intrusion detection software (IDS) should be
installed on web servers. It inspects all network
activity and identifies suspicious activity that may
indicate unauthorized access to the web server.
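The kind of check an IDS applies to web server activity, as an added Python example that is not part of the original slides. It flags a client that produces repeated 401/403 responses within a short window; the log lines, threshold, window and function name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: client, identity, user, [timestamp], "request", status, size
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<req>[^"]*)" (?P<status>\d{3}) \S+')

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - alice [12/Mar/2024:10:00:00 +0000] "POST /admin/login HTTP/1.1" 401 512
192.0.2.10 - alice [12/Mar/2024:10:00:09 +0000] "POST /admin/login HTTP/1.1" 200 2048
192.0.2.44 - - [12/Mar/2024:10:00:30 +0000] "GET /admin/ HTTP/1.1" 403 199
198.51.100.23 - - [12/Mar/2024:10:01:00 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.23 - - [12/Mar/2024:10:01:02 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.23 - - [12/Mar/2024:10:01:04 +0000] "GET /admin/ HTTP/1.1" 403 199
192.0.2.44 - - [12/Mar/2024:10:05:30 +0000] "GET /admin/ HTTP/1.1" 403 199
192.0.2.44 - - [12/Mar/2024:10:10:30 +0000] "GET /admin/ HTTP/1.1" 403 199
"""

def detect_auth_failures(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {client_ip: timestamp of the line that crossed the threshold}."""
    recent = defaultdict(deque)  # per-client times of recent 401/403 responses
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] not in ("401", "403"):
            continue  # unparsable line or not an access failure
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        failures = recent[m["ip"]]
        failures.append(ts)
        while ts - failures[0] > window:  # drop failures outside the window
            failures.popleft()
        if len(failures) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = m["ts"]
    return alerts
```

On the sample, only 198.51.100.23 is flagged: one mistyped password followed by a success, or three failures spread over ten minutes, stays below the threshold.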