nbfc

Views:
 
Category: Entertainment
     
 

Presentation Description

No description available.

Comments

By: app3090 (104 month(s) ago)

plz allow me 2 download dis thank u

Presentation Transcript

INTERNET SECURITY : 

INTERNET SECURITY By:

DEFINITION OF INFORMATION : 

DEFINITION OF INFORMATION Corporate information is that information used by the company in its business which is the result of some effort, expense, or investment that provides the company with a competitive advantage, and that the company wishes to protect from disclosure to third parties.

WHAT IS INTERNET SECURITY? : 

WHAT IS INTERNET SECURITY? Internet Security is the prevention of, and recovery from, unauthorized or undesirable destruction, modification, disclosure, or use of information and information resources, whether accidental or intentional. Preservation of the availability, integrity, and confidentiality of information and information resources.

Availability, Integrity& Confidentiality : 

Availability, Integrity& Confidentiality Availability: Ensuring that authorized users have access to information and associated assets when required. Integrity: Safeguarding the accuracy, completeness, and control of information and processing methods. Confidentiality: Ensuring that information is accessible only to those authorized to have access.

WHY DO WE NEED TO PROTECT INTERNET? : 

WHY DO WE NEED TO PROTECT INTERNET? Internet are very sensitive in nature. Unauthorized disclosure of the data could seriously and adversely impact the interests of employees, stake holders and organization. To maintain internal controls to safeguard corporate assets against unauthorized use or disposition. Protecting the company’s information assets enhance its chance of success.

Layer wise security control : 

Layer wise security control Physical layer– Wiretapping be foiled by enclosing transmission lines in sealed tube . Network Layer - Firewall is installed to keep good packet and bad packet out. IP security also function at this layer. Transport layer– Entire connection can be encrypted end to end ,end to end security is required.

Encryption : 

Encryption Encryption is the process of encoding data To protect a user’s identity or data from being read To protect data from being altered To verify that data originates from a particular user Encryption can be: Asymmetric Symmetric

CRYPTOGRAPHY : 

CRYPTOGRAPHY Cryptography --means “SECRET WRITING” Cryptography is a science and art of transforming messages to make them secure and immune to attack. An encryption algorithm transform the original message (plaintext) into the encrypted message (cipher text). An decryption algorithm – transform the cipher text back into the plaintext. In cryptography ,the encryption/decryption algorithm are public but the key remains secret. Cryptography has two parts- Symmetric key cryptography algorithm Asymmetric key cryptography algorithm

Symmetric vs. Asymmetric Encryption : 

Symmetric vs. Asymmetric Encryption

The language of cryptography : 

The language of cryptography plaintext plaintext Cipher text encryption algorithm decryption algorithm A’s encryption key B’s decryption key

Traditional cipher : 

Traditional cipher The character retain their plaintext but change their position to create their cipher text. E.g. plaintext -- I am fine . Cipher text-- m eq jmri.

Data Encryption Standard : 

Data Encryption Standard Initially designed by IBM . The algorithm encrypts 64 bit plaintext using a 56 bit key. The text is put through 19 different and complex procedure to create a 64 bit ciphertext. Instead of substituting one character at a time it substitute 8 characters (a Byte) at a time using complex encryption and decryption algorithm.

Public key cryptography : 

Public key cryptography Developed in Stanford university Public Key Cryptography (PKC) uses two keys, a "public key" and a "private key", to implement an encryption algorithm that doesn't require two parties to first exchange a secret key in order to conduct secure communications.

Slide 14: 

Public keys are used for encrypting. Private keys are used for decrypting. encryption plaintext ciphertext public key decryption ciphertext plaintext private key

Digital Signature : 

Digital Signature Public key cryptography is also used to provide digital signatures. signing plaintext signed message private key verification signed message plaintext public key

Transmitting over an insecure channel. : 

Transmitting over an insecure channel. Alice wants to send Bob a private message. Apublic is Alice’s public key. Aprivate is Alice’s private key. Bpublic is Bob’s public key. Bprivate is Bob’s private key.

Slide 17: 

Hello Bob,Wanna get together? Alice Bob encrypt using Bpublic decrypt using Bprivate

OK Alice,Your place or mine? : 

OK Alice,Your place or mine? Alice Bob decrypt using Aprivate encrypt using Apublic

Message Digest : 

Message Digest Also known as “hash function” or “one-way transformation”. Transforms a message of any length and computes a fixed length string. We want it to be hard to guess what the message was given only the digest. Guessing is always possible.

Alice’s Signature : 

Alice’s Signature Alice feeds her original message through a hash function and encrypts the message digest with Aprivate. Bob can decrypt the message digest using Apublic. Bob can compute the message digest himself. If the 2 message digests are identical Bob knows Alice sent the message.

Slide 21: 

Alice Bob Sign with Aprivate check signature using Apublic encrypt using Bpublic decrypt using Bprivate Revised Scheme

WEB Security : 

WEB Security How are objects and resources named securely? How can secure, authenticated connection be established? Threats :::: Home page of numerous organization has been attacked and replaced by new home page of crackers.. Some hacked site: The yahoo The US Army.

Denial of service : 

Denial of service Crackers flooded the site with traffic, rendering it unable to respond to legitimate queries.

Some incidence … : 

Some incidence … A 19 year old Russian cracker “Maxim” broke into an e-commerce web-site and stole 300,000 credit card numbers. In 1999, A swedish cracker broke in to Microsoft's HOTMAIL web site and created a mirror site . A 23 year old California student e-mailed a press release to a news agency falsely stating that the Emulex corp. was going to post a large quarterly loss and that CEO was resigning immidiately.within hour company stocks dropped by 60%.

Ecommerce Security Issues : 

Ecommerce Security Issues privacy: information must be kept from unauthorized parties. integrity: message must not be altered or tampered with. authentication: sender and recipient must prove their identities to each other. non-repudiation: proof is needed that the message was indeed received Privacy is handled by encryption Digital signatures meet the need for authentication and integrity.

Avoid this type of Security Check : 

Avoid this type of Security Check

THANK YOU : 

THANK YOU

authorStream Live Help