E-Commerce infrastructure
Security threats: the real threats and the perceptions
Network connectivity and availability issues
Message integrity
Digital signatures and non-repudiation
Access to timely information
Distribute key pairs to all interested entities
Certify public keys in a trusted fashion
The Certificate Authority
Secure protocols between entities
Digital signatures, trusted records and non-repudiation
Authentication problems
Impersonation attacks
Privacy problems
SSL: the web security protocol
IPSEC: the IP layer security protocol
SMIME: the email security protocol
SET: credit card transaction security protocol
Issues with variable response during peak time
Guaranteed delivery, response and receipts
Spoofing attacks
Networking Products
Firewalls
Remote access and Virtual Private Networks (VPNs)
Encryption technologies
Public Key Infrastructure
Support for peak access
Replication and mirroring, round robin schemes avoid denial of service
Security of web pages through certificates and network architecture to avoid spoofing attacks
Determine rightful users for resources
Role-based certificates to identify the authorization rights for a user
What is EDI?
Exchange of electronic data between companies using precisely defined transactions
Set of hardware, software, and standards that accommodate the EDI process
Figure 11.3 Suppliers, manufacturers, and retailers cooperate in some of the most successful applications of EDI.
Figure 11.4
Worldwide connectivity
Need for timely, reliable data exchange in response to rapidly changing markets
Emergence of standards and guidelines
Spread of information into many organizational units
Greater reliability of information technology
Globalization of organizations
protecting the integrity of a message
validating identity of originator
non-repudiation of origin (dispute resolution)
Message encryption by itself also provides a measure of authentication
If symmetric encryption is used then:
receiver knows sender must have created it, since only sender and receiver know the key used
receiver knows content cannot have been altered
Provides both: sender authentication and message authenticity.
encryption provides no confidence of sender, since anyone potentially knows the public key
however, if the sender signs the message using his private key, then encrypts with the recipient's public key, we have both secrecy and authentication
Depends on both message and a secret key
Like encryption, though it need not be reversible
Appended to message as a signature
Receiver performs same computation on message and checks it matches the MAC
Provides assurance that message is unaltered and comes from sender
generally use separate keys for each
can compute MAC either before or after encryption
is generally regarded as better done before
sometimes only authentication is needed
sometimes need authentication to persist longer than the encryption (e.g., archival use)
usually assume that the hash function is public and not keyed
note that a MAC is keyed
hash used to detect changes to message
can use in various ways with message
most often to create a digital signature
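The keyed/unkeyed distinction and the receiver's MAC check described above, as an added example that is not part of the original slides. It assumes HMAC-SHA256 as the MAC and SHA-256 as the public hash; the function names and the sample order message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for both digest and tag

def hash_protect(message: bytes) -> bytes:
    # Unkeyed: anyone can compute SHA-256, so anyone can produce this suffix.
    return message + hashlib.sha256(message).digest()

def hash_verify(packet: bytes) -> bool:
    message, digest = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def mac_protect(key: bytes, message: bytes) -> bytes:
    # Keyed: the tag depends on both the message and the shared secret key.
    return message + hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key: bytes, packet: bytes) -> bool:
    # Receiver repeats the sender's computation and compares in constant time.
    if len(packet) < TAG_LEN:
        return False
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    key = secrets.token_bytes(32)                  # shared by sender and receiver
    order = b"PO-1001: ship 10 units to site A"    # constructed sample message
    altered = b"PO-1001: ship 90 units to site B"  # same message changed in transit
    # A party without the key can only recompute the public hash over the change.
    rehashed = hash_protect(altered)
    flipped = bytearray(mac_protect(key, order))
    flipped[0] ^= 0x01                             # single-bit change, tag untouched
    return {
        "hash_ok_original": hash_verify(hash_protect(order)),
        "hash_ok_altered": hash_verify(rehashed),      # change goes unnoticed
        "mac_ok_original": mac_verify(key, mac_protect(key, order)),
        "mac_ok_altered": mac_verify(key, rehashed),   # no key, no valid tag
        "mac_ok_bitflip": mac_verify(key, bytes(flipped)),
        "mac_ok_wrong_key": mac_verify(secrets.token_bytes(32),
                                       mac_protect(key, order)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A bare hash appended to a message only detects accidental changes; it becomes an integrity control when it is keyed (a MAC) or signed (a digital signature).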
Spyware
Adware
Embedded Programs
Trojan Horse
Browser Hijackers
Dialers
Malware
Computer is running slower than normal
Popups (on or off the internet)
New toolbars
Home page changes
Search results look different
Error messages when accessing the web
Be conscious of what you are clicking on/downloading.
Some pop-ups have what appears to be a close button, but will actually try to install spyware when you click on it. Always look for the topmost right red X.
Remember that things on the internet are rarely free. Free screensavers etc. generally contain ads or worse that pay the programmer for their time.
Download.com
All programs are adware/spyware free
Freesaver.com
Screensavers from this site are safe
DO NOT click on ads
KFOR or News9
Cleansoftware.org
Used to protect one from the other
Places a bottleneck between the networks
All communications must pass through the bottleneck
Packet Filtering
Rejects TCP/IP packets from unauthorized hosts and/or connection attempts by unauthorized hosts
Translates the addresses of internal hosts so as to hide them from the outside world
Also known as IP masquerading
Makes high-level, application-level connections to external hosts on behalf of internal hosts to completely break the network connection between internal and external hosts
Proxy Services
Encrypted Authentication
Allows users on the external network to authenticate to the Firewall to gain access to the private network
Establishes a secure connection between two private networks over a public network
This allows the use of the Internet as a connection medium rather than the use of an expensive leased line
Virus Scanning
Searches incoming data streams for virus signatures so they may be blocked
Done by subscription to stay current
McAfee / Norton
Content Filtering
Part of an overall Firewall strategy
Sits between the local network and the external network
Originally used primarily as a caching strategy to minimize outgoing URL requests and increase perceived browser performance
Primary mission is now to ensure anonymity of internal users
Terminates the TCP connection before relaying to target host (in and out)
Hide internal clients from external network
Blocking of dangerous URLs
Filter dangerous content
Check consistency of retrieved content
Eliminate need for transport layer routing between networks
Single point of access, control and logging