Welingkar’s Distance Learning Division
Electronic Security
We Learn – A Continuous Learning Forum
Classification of Intruders
Intruder types
• Hackers
• Phreakers
• Crackers
Victimised Firms
• Banks
• Financial companies
• Insurance companies
• Brokerage houses
• Consultants
• Network Service Providers
• Textile Business
• Wholesale/Retail traders
• Government contractors
• Government agencies
• Hospitals
• Medical laboratories
• Utility companies
• Universities
Attacking Methods
• Gaining access to a user’s account
• Gaining privileged access
• Using the victim’s system as a platform for attacks on other sites
• Duration of the accomplishment:
o Manually in less than 45 seconds
o With automation, the time is still less
• Losses caused by the attack vary:
o A minor loss of time in recovering from the problem
o A decrease in productivity
o A significant loss of credibility or market opportunity
o A business no longer able to compete
o Legal liability and
o Loss of life
Three basic security concepts
• Confidentiality
• Integrity and
• Availability
Concepts relating to the people who use the information are:
• Authentication
• Authorisation
• Non-repudiation
Classification of Incidents
• Probe
• Scan
• Account compromise
• Packet sniffer
• Denial of service
• Exploitation of trust
• Root compromise
• Destruction or alteration of configuration information
• Malicious code
• Internet infrastructure attack
Relationship between SSL & ISO Reference Model
[Diagram: the ISO Reference Model layers (Physical Layer, Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer, User Application) shown alongside the SSL Protocol (SSL Handshake Protocol and SSL Record Protocol). The plain data stream from the user application becomes encrypted data packets on the data network. Annotations: physical connection to network hardware, network-independent messages, distributed data sources.]
Ten Practical Tips to Secure
E-Commerce - 1
• Use latest version of the browser
• Install SSL
• Ensure ISP has a security system
• Look for signs of trust
• Shop with familiar companies
• Look for easy-to-find security information & a privacy statement
Ten Practical Tips to Secure
E-Commerce - 2
• Pay by credit card
• Keep a record
• Look for information about ‘cookies’ and
• Find out what information the site collects about you
Security Tools - 1
• Secure transport stacks
• Kerberos
• Secure transactions over the Internet
• UNIX Security
• Password Security Systems
Security Tools - 2
• Electronic Mail
o SMTP
o PEM
o PGP
• Server security
• Trusting Binaries
Kerberos Authentication Process - 1
• Credentials
o A ticket for the server
o A temporary encryption key
o The session key
Kerberos - 2
• Limitations
o Vulnerability of passwords
o Need for synchronised clocks
o Weak assurances against repudiation
UNIX Security
• User passwords
• File access
• Directory access
• File encryption and
• Security on passwords files
Biometrics
• Fingerprints
• Signature Dynamics
• Voice verification
• Keystroke Dynamics
• Facial Features
E-MAIL
• Advantages
o Send a message in no time anywhere in the world
o For getting on & staying on the Internet
o Can be handled by a variety of programs
o Easy and inexpensive
o Increasingly used for both internal & external corporates
o E-mail to fax & fax to e-mail is possible