SlideShare a Scribd company logo

Unit-5.pptx

Download as PPTX, PDF
R
RoyBokhiriya

Nma network management

Engineering
1 of 38
Intruders • An Intruder (Hacker or Cracker) is a person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system. • Three Classes Of Intruders: 1. Masquerader: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account. 2. Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges. 3. Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection The masquerader is likely to be an outsider.
Secure Electronic Transaction (SET) • SET is set of protocols and formats designed to protect credit card transactions through Internet. OR • SET is a system for ensuring the security of financial transactions on the Internet, It was supported initially by MasterCard, Visa, Microsoft, Netscape, and others. •With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality. • SET makes use of Netscape's Secure Sockets Layer (SSL), Microsoft's Secure Transaction Technology (STT), and Teresa System's Secure Hypertext Transfer Protocol (S-HTTP).
SET Participants • The basic figure is,
1. Cardholder (Customer) • This is an authorized holder of a payment card (e.g., MasterCard, Visa) that has been issued by an issuer. 2. Merchant (Web Server) • This is a person or organization who has things to sell to the cardholder. 3. Issuer (Issuers bank) • This is a financial institution such as a bank that provides the card holder with the payment card. 4. Acquirer • This is a financial institution that establishes an account with the merchant and processes credit card authorizations and payments 5. CA • This is an entity that is entrusted to issue X.509v3 public-key certificates for cardholders, merchants, and payment gateways. 6. Payment Gateway • This is a function that can be undertaken by the acquirer or some third party that processes merchant payment messages and Performs Authentication Function
SET Transaction • The basic figure is,
1. Customer Opens an account – customer gets a credit card account from, such as a Visa or MasterCard, with a bank that supports SET. 2. The customer places an order and Payment Information together with the customers certificate so the merchant can verify that he is dealing with a valid customer. The PI is encrypted in such a way that the merchant cannot read it. 3. Merchant Requests PI authorization – The merchant forwards the PI to the payment gateway, to determine whether the customer has sufficient funds/credit for the purchase. 4. Merchant’s bank checks with Issuer for Payment Authorization. 5. Issuer Authorizes Payment. 6. Merchant’s Bank Sends Payment Authorization to Merchant. 7. Merchant Confirms the order –Merchant sends confirmation of the order to the customer. Merchant ships goods and services. 8. Merchant capture all transaction detail from merchant’s bank. 9. Issuer sends Credit Card Bill
IDS (Intusion Detection System) • An IDS is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. • Intrusion – A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability, of a computing and networking resource. • Intrusion detection – The process of identifying and responding to intrusion activities. • Functions of IDS: 1. Monitoring and analyzing both user and system activities. 2. Analyzing system configuration and vulnerabilities. 3. Assessing system and file integrity. 4. Ability to recognize patterns typical of attacks. 5. Analysis of abnormal activity patterns. 6. Tracking user policy violations.
IDS Types • Different Ways to classify the IDS are depicted below, 1. Network based (NIDS) 2. Host based (HIDS) 3. Anomaly detection 4. Signature based misuse
1. NIDS • NIDS are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. • A NIDS reads all inbound packets and searches for any suspicious patterns. • When threats are discovered, based on its severity, the system can take action such as notifying administrators. • A NIDS is used to monitor and analyze network traffic to protect a system from network based threats. • Example of the NIDS would be installing it on the subnet where firewalls are located in ordered to see if someone is trying to break into the firewall.
• The basic figure is,
Advantages: • A few well-placed NIDS can monitor a large network. • The deploying of NIDS has little impact upon an existing network. • NIDS are usually passive device that listen on a network wire without interfacing with the normal operation of a network. • NIDS can be made very secure against attack and even made invisible to many attackers. Disadvantages: • NIDS may have Difficulty processing all packets in a large or busy network and, therefore, may fail to recognize an attack launched during period of high traffic. • Most NIDS can not tell whether or not an attack was successful; they can only find that an attack was initiated.
2. HIDS • HIDS run on individual hosts or devices on the network. • HIDS is an intrusion detection system that monitors and analyzes the internal of a computing system as well as the network packets on its network. • A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator if suspicious activity is detected. • If the critical system files were modified or deleted, the alert is sent to the administrator to investigate. • An example of HIDS usage can be seen on mission critical machines, which are not expected to change their configurations.
• The basic figure is,
Advantages: • Verifies success or failure of an attack . • Monitors system activities. • Detects attacks that a network based IDS fail to detect. • Near real time detection and response . • Lower cost. Disadvantages: • HIDS are harder to manage. • The information sources for HIDS reside on the host targeted by attacks , the IDS may be attacked and disabled as a part of the attack. • HIDS are not well suited for detecting network scans or other such surveillance that targets an entire network. • HIDS can be disabled by certain DOS attacks.
3. Anomaly Based IDS • An IDS which is anomaly based will monitor network traffic and compare it against an established baseline. • The baseline will identify what is “normal” for that network and alert the administrator or user when traffic is detected which is significantly different, than the baseline. • The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls out of normal system operation. • This is as opposed to signature based system which can only detect attacks for which a signature has previously been created. • In order to determine what is attack traffic, the system must be taught to recognize normal system activity. • This can be accomplished in several ways, most often with artificial intelligence type techniques.
Disadvantages: • These generate many false alarms and hence compromise the effectiveness of the IDS.
4. Signature Based IDS • A signature based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats. • This is similar to the way most antivirus software detects malware. • Until you didn't update your signature, your IDS would be unable to detect the new threat. • Signature detection involves searching network traffic for a series of bytes or packet sequence know to be malicious.
Advantages: • Signature are easy to develop and understand if you are know what network behavior you’re trying to identify. • The event generated by signature based IDS generate a alarm. • Pattern matching can be performed very quickly on modern systems so the amount of power needed to perform these checks is minimal for a confined rule set. Disadvantages: • They are unable to detect novel attacks. • Suffer from false alarms. • Have to programmed again for every new pattern to be detected.
SSL & TLS • SSL(Secure Socket Layer) & TLS (Transport Layer Security) Both provide a secure transport connection between applications (e.g., web server and a browser). • SSL was developed by Netscape, SSL version 3.0 has been implemented in many web browsers (e.g., Netscape Navigator and MS Internet Explorer) and web servers and widely used on the Internet • SSL v3.0 was specified in an Internet Draft (1996) • TLS can be viewed as SSL v3.1 • Transport Layer Security (TLS) is an email security tool based on the Secure Sockets Layer (SSL) 3.0 protocol. It secures the transmission of email over the internet using standard encryption technology. • TLS provides transport layer security for Internet applications.
SSL & TLS Architecture • SSL is designed to provide security and compression services to data generated from the application layer. • SSL protocol is implemented just above the TCP to provide web security. • SSL is designed to make use of TCP to provide a reliable end-to-end secure service. • The Location of SSL & TLS in internet model are depicted below,
SSL & TLS Protocol Stack • Four Protocols defined by SSL. 1. Handshake Protocol 2. Record Protocol 3. Alert Protocol 4. Change Chiper Spec Protocol
1. Handshake Protocol • TLS Handshake Protocol is layered on top of the TLS Record Protocol and basically it is used to – Authenticate the client and the server – Exchange cryptographic keys • SSL Handshake performs in four phases as describe in below figure,
1. Handshake Protocol Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP session, cipher suite and protocol version are exchanged for security purposes. Phase-2: Server sends his certificate and Server-key-exchange. The server end phase-2 by sending the Server-hello-end packet. Phase-3: In this phase, Client replies to the server by sending his certificate and Client-exchange-key. Phase-4: In Phase-4 Change-cipher suite occurred and after this Handshake Protocol ends.
2. Record Protocol • TLS Record Protocol layers on top of a reliable connection-oriented transport, such as TCP and basically it provides 1. data confidentiality using symmetric key cryptography 2. data integrity using a keyed message authentication checksum (MAC) • Basic Operation of Record Protocol, 1. Read messages for transmit 2. Fragment messages into manageable chunks of data 3. Compress the data, if compression is required and enabled 4. Calculate a MAC 5. Encrypt the data 6. Transmit the resulting data to the peer
• At the opposite end of the TLS connection, the basic operation of the sender is replicated, but in the reverse order 1. Read received data from the peer 2. Decrypt the data 3. Verify the MAC 4. Decompress the data, if compression is required and enabled 5. Reassemble the message fragments 6. Deliver the message to upper protocol layers
3. Alert Protocol • This protocol is used to convey SSL-related alerts to the peer entity. • Each message in this protocol contains 2 bytes. Warning (level = 1): This Alert has no impact on the connection between sender and receiver. Some of them are: Bad certificate, No certificate, Certificate expired, Certificate unknown Close notify. Fatal Error (level = 2): This Alert breaks the connection between sender and receiver. The connection will be stopped, cannot be resumed but can be restarted. Some of them are : Handshake failure, Decompression failure, Illegal parameters, Bad record MAC, Unexpected message.
4. Change Cipher Spec Protocol • Change-cipher protocol consists of a single message which is 1 byte in length and can have only one value. This protocol’s purpose is to cause the pending state to be copied into the current state. • This protocol uses the SSL record protocol. • Handshake Protocol is completed, the SSL record Output will be in a pending state. After the handshake protocol, the Pending state is converted into the current state.
Web Security Threats • Web security is the protection given to the data on the internet preventing from the detecting & corrupting the data. • It is the process of securing confidential data stored online from unauthorized access and modification. • A web Security threat is any threat that uses the World Wide Web to facilitate cybercrime. • We can group the threats in term of Passive & Active attacks. 1. Passive attacks gaining information on a web site that is supported to be restricted. 2. Active attacks steals confidential information and use it to disrupt or damage the computer system.
Types of Web Security Threats • They can be divided into two primary categories: based on delivery method: 1. Push Push-based threats use spam, phishing or other fraudulent means to lure a user to a malicious (often spoofed) website which then collects information and/or injects malware 2. Pull Pull-based web threats are often referred to as “drive-by” threats by experts since they can affect any website visitor.
• They can be divided into two primary categories: based on how they attack : 1) Integrity 2) Confidentiality 3) Denial of service 4) Authentication
1.INTEGRITY Threats Consequences Countermeasures  Modification of user data  Trojan horse browser  Modification of memory  Modification of message traffic in transit  Loss of information  Compromise of data • Cryptographic checksums
2.CONFIDENTIALITY Threats Consequences Countermeasures • Eavesdropping on the net • Theft of info from server • Theft of data from client • Info about network configuration • Info about which client talks to server • Loss of information • Loss of privacy • Encryption • Web proxies
3.DENIAL OF SERVICES Threats Consequences Countermeasures  Killing of user threads  Flooding machine with fake requests  Filling up disk or memory  Disruptive  Annoying  Prevent user from getting work done  Difficult to prevent
4.AUTHENTICATION Threats Consequences Countermeasures  Impersonation of legitimate users  Data forgery  Misrepresentation of user information is valid  Cryptographic techniques
Web Security Threats 1. Virus 2. Worms 3. Trojan 4. Spyware 5. Spam 6. Phishing
Web Traffic Security Approaches • A number of approaches to providing Web security are possible. The various approaches that have been considered are similar in the services they provide and, to some extent, in the mechanisms that they use, but they differ with respect to their scope of applicability and their relative location within the TCP/IP protocol stack.
• The foremost example of this approach is the Secure Sockets Layer (SSL) and the follow-on Internet standard of SSL known as Transport Layer Security (TLS). • At this level, there are two implementation choices. For full generality, SSL (or TLS) could be provided as part of the underlying protocol suite and therefore be transparent to applications. Alternatively, SSL can be embedded in specific packages. • For example, Netscape and Microsoft Explorer browsers come equipped with SSL, and most Web servers have implemented the protocol.

Recommended

Intruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptxIntruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptxSriK49
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...Zara Nawaz
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
 
Securing E-commerce networks in MIS and E-Commerce
Securing E-commerce networks in MIS and E-CommerceSecuring E-commerce networks in MIS and E-Commerce
Securing E-commerce networks in MIS and E-Commercehidivin652
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01EduclentMegasoftel
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Јаѓќеѕн Јажѕшаф
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 
INTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMINTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMBhushan Gajare
 

Recommended

Intruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptxIntruders in cns. Various intrusion detection and prevention technique.pptx
Intruders in cns. Various intrusion detection and prevention technique.pptxSriK49
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...Zara Nawaz
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
 
Securing E-commerce networks in MIS and E-Commerce
Securing E-commerce networks in MIS and E-CommerceSecuring E-commerce networks in MIS and E-Commerce
Securing E-commerce networks in MIS and E-Commercehidivin652
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01EduclentMegasoftel
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Јаѓќеѕн Јажѕшаф
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 
INTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMINTERNET SECURITY SYSTEM
INTERNET SECURITY SYSTEMBhushan Gajare
 
Cyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxCyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxTikdiPatel
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptFALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptuseonlyfortech140
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfFALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfthilakrajc
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfChapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfAschalewAyele2
 
IS - Firewall
IS - FirewallIS - Firewall
IS - FirewallFumikageTokoyami4
 
012
012012
012chatakondu karthik uday bhaskar
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cyclepenetration Tester
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYDEEPAK948083
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
ch08.ppt
ch08.pptch08.ppt
ch08.pptHaipengCai1
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Wail Hassan
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
Linux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsxLinux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsxBrenoMeister
 
Types of attack -Part2
Types of attack -Part2Types of attack -Part2
Types of attack -Part2SHUBHA CHATURVEDI
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and usesDevarapalliHaritha
 

More Related Content

Similar to Unit-5.pptx

Cyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxCyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxTikdiPatel
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptFALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptuseonlyfortech140
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfFALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfthilakrajc
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfChapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfAschalewAyele2
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYDEEPAK948083
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Wail Hassan
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
Linux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsxLinux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsxBrenoMeister
 

Similar to Unit-5.pptx (20)

Cyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptxCyber-Security-Unit-4.pptx
Cyber-Security-Unit-4.pptx
 
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.pptFALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
FALLSEM2023-24_BCSE353E_ETH_VL2023240100871_2023-05-25_Reference-Material-I.ppt
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdfFALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
FALLSEM2023-24_CSE3501_ETH_VL2023240102981_2023-09-04_Reference-Material-I.pdf
 
Network and web security
Network and web securityNetwork and web security
Network and web security
 
Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfChapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdf
 
IS - Firewall
IS - FirewallIS - Firewall
IS - Firewall
 
012
012012
012
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
ch08.ppt
ch08.pptch08.ppt
ch08.ppt
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOV
 
Linux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsxLinux for Cybersecurity CYB110 - Unit 8.ppsx
Linux for Cybersecurity CYB110 - Unit 8.ppsx
 
Types of attack -Part2
Types of attack -Part2Types of attack -Part2
Types of attack -Part2
 

Recently uploaded

IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and usesDevarapalliHaritha
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZTE
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingjaychoudhary37
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 

Recently uploaded (20)

IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and uses
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacing
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 

Unit-5.pptx

  • 1.
  • 2. Intruders • An Intruder (Hacker or Cracker) is a person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system. • Three Classes Of Intruders: 1. Masquerader: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account. 2. Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges. 3. Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection The masquerader is likely to be an outsider.
  • 3. Secure Electronic Transaction (SET) • SET is set of protocols and formats designed to protect credit card transactions through Internet. OR • SET is a system for ensuring the security of financial transactions on the Internet, It was supported initially by MasterCard, Visa, Microsoft, Netscape, and others. •With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality. • SET makes use of Netscape's Secure Sockets Layer (SSL), Microsoft's Secure Transaction Technology (STT), and Teresa System's Secure Hypertext Transfer Protocol (S-HTTP).
  • 4. SET Participants • The basic figure is,
  • 5. 1. Cardholder (Customer) • This is an authorized holder of a payment card (e.g., MasterCard, Visa) that has been issued by an issuer. 2. Merchant (Web Server) • This is a person or organization who has things to sell to the cardholder. 3. Issuer (Issuers bank) • This is a financial institution such as a bank that provides the card holder with the payment card. 4. Acquirer • This is a financial institution that establishes an account with the merchant and processes credit card authorizations and payments 5. CA • This is an entity that is entrusted to issue X.509v3 public-key certificates for cardholders, merchants, and payment gateways. 6. Payment Gateway • This is a function that can be undertaken by the acquirer or some third party that processes merchant payment messages and Performs Authentication Function
  • 6. SET Transaction • The basic figure is,
  • 7. 1. Customer Opens an account – customer gets a credit card account from, such as a Visa or MasterCard, with a bank that supports SET. 2. The customer places an order and Payment Information together with the customers certificate so the merchant can verify that he is dealing with a valid customer. The PI is encrypted in such a way that the merchant cannot read it. 3. Merchant Requests PI authorization – The merchant forwards the PI to the payment gateway, to determine whether the customer has sufficient funds/credit for the purchase. 4. Merchant’s bank checks with Issuer for Payment Authorization. 5. Issuer Authorizes Payment. 6. Merchant’s Bank Sends Payment Authorization to Merchant. 7. Merchant Confirms the order –Merchant sends confirmation of the order to the customer. Merchant ships goods and services. 8. Merchant capture all transaction detail from merchant’s bank. 9. Issuer sends Credit Card Bill
  • 8. IDS (Intusion Detection System) • An IDS is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. • Intrusion – A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability, of a computing and networking resource. • Intrusion detection – The process of identifying and responding to intrusion activities. • Functions of IDS: 1. Monitoring and analyzing both user and system activities. 2. Analyzing system configuration and vulnerabilities. 3. Assessing system and file integrity. 4. Ability to recognize patterns typical of attacks. 5. Analysis of abnormal activity patterns. 6. Tracking user policy violations.
  • 9. IDS Types • Different Ways to classify the IDS are depicted below, 1. Network based (NIDS) 2. Host based (HIDS) 3. Anomaly detection 4. Signature based misuse
  • 10. 1. NIDS • NIDS are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. • A NIDS reads all inbound packets and searches for any suspicious patterns. • When threats are discovered, based on its severity, the system can take action such as notifying administrators. • A NIDS is used to monitor and analyze network traffic to protect a system from network based threats. • Example of the NIDS would be installing it on the subnet where firewalls are located in ordered to see if someone is trying to break into the firewall.
  • 11. • The basic figure is,
  • 12. Advantages: • A few well-placed NIDS can monitor a large network. • The deploying of NIDS has little impact upon an existing network. • NIDS are usually passive device that listen on a network wire without interfacing with the normal operation of a network. • NIDS can be made very secure against attack and even made invisible to many attackers. Disadvantages: • NIDS may have Difficulty processing all packets in a large or busy network and, therefore, may fail to recognize an attack launched during period of high traffic. • Most NIDS can not tell whether or not an attack was successful; they can only find that an attack was initiated.
  • 13. 2. HIDS • HIDS run on individual hosts or devices on the network. • HIDS is an intrusion detection system that monitors and analyzes the internal of a computing system as well as the network packets on its network. • A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator if suspicious activity is detected. • If the critical system files were modified or deleted, the alert is sent to the administrator to investigate. • An example of HIDS usage can be seen on mission critical machines, which are not expected to change their configurations.
  • 14. • The basic figure is,
  • 15. Advantages: • Verifies success or failure of an attack . • Monitors system activities. • Detects attacks that a network based IDS fail to detect. • Near real time detection and response . • Lower cost. Disadvantages: • HIDS are harder to manage. • The information sources for HIDS reside on the host targeted by attacks , the IDS may be attacked and disabled as a part of the attack. • HIDS are not well suited for detecting network scans or other such surveillance that targets an entire network. • HIDS can be disabled by certain DOS attacks.
  • 16. 3. Anomaly Based IDS • An IDS which is anomaly based will monitor network traffic and compare it against an established baseline. • The baseline will identify what is “normal” for that network and alert the administrator or user when traffic is detected which is significantly different, than the baseline. • The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls out of normal system operation. • This is as opposed to signature based system which can only detect attacks for which a signature has previously been created. • In order to determine what is attack traffic, the system must be taught to recognize normal system activity. • This can be accomplished in several ways, most often with artificial intelligence type techniques.
  • 17. Disadvantages: • These generate many false alarms and hence compromise the effectiveness of the IDS.
  • 18. 4. Signature Based IDS • A signature based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats. • This is similar to the way most antivirus software detects malware. • Until you didn't update your signature, your IDS would be unable to detect the new threat. • Signature detection involves searching network traffic for a series of bytes or packet sequence know to be malicious.
  • 19. Advantages: • Signature are easy to develop and understand if you are know what network behavior you’re trying to identify. • The event generated by signature based IDS generate a alarm. • Pattern matching can be performed very quickly on modern systems so the amount of power needed to perform these checks is minimal for a confined rule set. Disadvantages: • They are unable to detect novel attacks. • Suffer from false alarms. • Have to programmed again for every new pattern to be detected.
  • 20. SSL & TLS • SSL(Secure Socket Layer) & TLS (Transport Layer Security) Both provide a secure transport connection between applications (e.g., web server and a browser). • SSL was developed by Netscape, SSL version 3.0 has been implemented in many web browsers (e.g., Netscape Navigator and MS Internet Explorer) and web servers and widely used on the Internet • SSL v3.0 was specified in an Internet Draft (1996) • TLS can be viewed as SSL v3.1 • Transport Layer Security (TLS) is an email security tool based on the Secure Sockets Layer (SSL) 3.0 protocol. It secures the transmission of email over the internet using standard encryption technology. • TLS provides transport layer security for Internet applications.
  • 21. SSL & TLS Architecture • SSL is designed to provide security and compression services to data generated from the application layer. • SSL protocol is implemented just above the TCP to provide web security. • SSL is designed to make use of TCP to provide a reliable end-to-end secure service. • The Location of SSL & TLS in internet model are depicted below,
  • 22. SSL & TLS Protocol Stack • Four Protocols defined by SSL. 1. Handshake Protocol 2. Record Protocol 3. Alert Protocol 4. Change Chiper Spec Protocol
  • 23. 1. Handshake Protocol • TLS Handshake Protocol is layered on top of the TLS Record Protocol and basically it is used to – Authenticate the client and the server – Exchange cryptographic keys • SSL Handshake performs in four phases as describe in below figure,
  • 24. 1. Handshake Protocol Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP session, cipher suite and protocol version are exchanged for security purposes. Phase-2: Server sends his certificate and Server-key-exchange. The server end phase-2 by sending the Server-hello-end packet. Phase-3: In this phase, Client replies to the server by sending his certificate and Client-exchange-key. Phase-4: In Phase-4 Change-cipher suite occurred and after this Handshake Protocol ends.
  • 25. 2. Record Protocol • TLS Record Protocol layers on top of a reliable connection-oriented transport, such as TCP and basically it provides 1. data confidentiality using symmetric key cryptography 2. data integrity using a keyed message authentication checksum (MAC) • Basic Operation of Record Protocol, 1. Read messages for transmit 2. Fragment messages into manageable chunks of data 3. Compress the data, if compression is required and enabled 4. Calculate a MAC 5. Encrypt the data 6. Transmit the resulting data to the peer
  • 26. • At the opposite end of the TLS connection, the basic operation of the sender is replicated, but in the reverse order 1. Read received data from the peer 2. Decrypt the data 3. Verify the MAC 4. Decompress the data, if compression is required and enabled 5. Reassemble the message fragments 6. Deliver the message to upper protocol layers
  • 27. 3. Alert Protocol • This protocol is used to convey SSL-related alerts to the peer entity. • Each message in this protocol contains 2 bytes. Warning (level = 1): This Alert has no impact on the connection between sender and receiver. Some of them are: Bad certificate, No certificate, Certificate expired, Certificate unknown Close notify. Fatal Error (level = 2): This Alert breaks the connection between sender and receiver. The connection will be stopped, cannot be resumed but can be restarted. Some of them are : Handshake failure, Decompression failure, Illegal parameters, Bad record MAC, Unexpected message.
  • 28. 4. Change Cipher Spec Protocol • Change-cipher protocol consists of a single message which is 1 byte in length and can have only one value. This protocol’s purpose is to cause the pending state to be copied into the current state. • This protocol uses the SSL record protocol. • Handshake Protocol is completed, the SSL record Output will be in a pending state. After the handshake protocol, the Pending state is converted into the current state.
  • 29. Web Security Threats • Web security is the protection given to the data on the internet preventing from the detecting & corrupting the data. • It is the process of securing confidential data stored online from unauthorized access and modification. • A web Security threat is any threat that uses the World Wide Web to facilitate cybercrime. • We can group the threats in term of Passive & Active attacks. 1. Passive attacks gaining information on a web site that is supported to be restricted. 2. Active attacks steals confidential information and use it to disrupt or damage the computer system.
  • 30. Types of Web Security Threats • They can be divided into two primary categories: based on delivery method: 1. Push Push-based threats use spam, phishing or other fraudulent means to lure a user to a malicious (often spoofed) website which then collects information and/or injects malware 2. Pull Pull-based web threats are often referred to as “drive-by” threats by experts since they can affect any website visitor.
  • 31. • They can be divided into two primary categories: based on how they attack : 1) Integrity 2) Confidentiality 3) Denial of service 4) Authentication
  • 32. 1.INTEGRITY Threats Consequences Countermeasures  Modification of user data  Trojan horse browser  Modification of memory  Modification of message traffic in transit  Loss of information  Compromise of data • Cryptographic checksums
  • 33. 2.CONFIDENTIALITY Threats Consequences Countermeasures • Eavesdropping on the net • Theft of info from server • Theft of data from client • Info about network configuration • Info about which client talks to server • Loss of information • Loss of privacy • Encryption • Web proxies
  • 34. 3.DENIAL OF SERVICES Threats Consequences Countermeasures  Killing of user threads  Flooding machine with fake requests  Filling up disk or memory  Disruptive  Annoying  Prevent user from getting work done  Difficult to prevent
  • 35. 4.AUTHENTICATION Threats Consequences Countermeasures  Impersonation of legitimate users  Data forgery  Misrepresentation of user information is valid  Cryptographic techniques
  • 36. Web Security Threats 1. Virus 2. Worms 3. Trojan 4. Spyware 5. Spam 6. Phishing
  • 37. Web Traffic Security Approaches • A number of approaches to providing Web security are possible. The various approaches that have been considered are similar in the services they provide and, to some extent, in the mechanisms that they use, but they differ with respect to their scope of applicability and their relative location within the TCP/IP protocol stack.
  • 38. • The foremost example of this approach is the Secure Sockets Layer (SSL) and the follow-on Internet standard of SSL known as Transport Layer Security (TLS). • At this level, there are two implementation choices. For full generality, SSL (or TLS) could be provided as part of the underlying protocol suite and therefore be transparent to applications. Alternatively, SSL can be embedded in specific packages. • For example, Netscape and Microsoft Explorer browsers come equipped with SSL, and most Web servers have implemented the protocol.