
Security in web scenario
Contents:
• What Do We Mean By Security?
• The Foundations of Security
• General Types of Attacks
• Network Threats
• Web traffic security approaches
• IP Security (IPSec)
• Secure Socket Layer
• Kerberos
• Pretty Good Privacy
• Secure Electronic Transaction
• Host Threats
What Do We Mean By Security?
Security is fundamentally about protecting assets. Assets may be tangible items, such as a Web page or your customer database — or they may be less tangible, such as your company’s reputation.
The Foundations of Security
• Attacks
• Threats
• Vulnerabilities
General Types of Attacks
• Active Attacks
  – Masquerade
  – Replay
  – Modification of messages
  – Denial of service
• Passive Attacks
  – Release of message contents
  – Traffic Analysis
Release of message contents
[Diagram: Darth reads the contents of a message sent from Bob to Alice across the Internet.]

Traffic Analysis
[Diagram: Darth observes the pattern of messages sent from Bob to Alice across the Internet.]

Masquerade
[Diagram: Darth sends Alice a message that appears to come from Bob.]

Replay
[Diagram: Darth captures a message from Bob to Alice and later replays it to Alice.]

Modification of messages
[Diagram: Darth modifies a message from Bob to Alice while it is in transit.]

Denial of service
[Diagram: Darth disrupts the services that the server provides to Bob.]
Network Threats
● Information gathering
● Sniffing
● Spoofing
● Session hijacking
● Denial of service
Web traffic security approaches
[Diagram: three protocol stacks showing the level at which security can be placed.]
• Network level: HTTP / FTP / SMTP over TCP over IP/IPSec
• Transport level: HTTP / FTP / SMTP over SSL or TLS over TCP over IP
• Application level: S/MIME, PGP and SET above SMTP / HTTP over TCP; Kerberos above UDP; all over IP
IP Security (IPSec)
[Diagram: IPSec Document Overview. Architecture at the top; beneath it the ESP Protocol and the AH Protocol, which draw on an Encryption algorithm and an Authentication algorithm; the DOI (Domain of Interpretation) relates the algorithms to the protocols; Key Management underpins the whole.]
Secure Socket Layer
[Diagram: SSL Protocol Stack. Top layer: SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol and HTTP; beneath them the SSL Record Protocol; then TCP; then IP.]
Kerberos
[Diagram: Kerberos exchanges between the client, the Authentication Server (AS), the Ticket-granting server (TGS) and the application server.]
• Once per user logon session: request a ticket-granting ticket from the AS; receive ticket + session key.
• Once per type of service: request a service-granting ticket from the TGS; receive ticket + session key.
• Once per service session: request the service from the server; the server provides its authenticator.
Pretty Good Privacy
Transmission of PGP Messages
1. X ← file
2. Signature required? Yes: generate signature, X ← Signature || X. No: continue.
3. Compress: X ← Z(X)
4. Confidentiality required? Yes: encrypt key and X, X ← E(PUb, Ks) || E(Ks, X). No: continue.
5. Convert to radix 64: X ← R64[X]

Reception of PGP Messages
1. Convert from radix 64: X ← R64^-1[X]
2. Confidentiality required? Yes: decrypt key and X, Ks ← D(PRb, E(PUb, Ks)); X ← D(Ks, E(Ks, X)). No: continue.
3. Decompress: X ← Z^-1(X)
4. Signature required? Yes: strip signature from X, verify signature. No: done.
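The transmission and reception flows above, carried through in Go as an added example that is not part of the original slides: the primitives are stand-ins for the diagram boxes (Ed25519 for the signature, zlib for Z, AES-GCM for E(Ks, ·), RSA-OAEP for E(PUb, Ks), base64 for R64), the function names pgpSend, pgpReceive and aead are mine, and the real OpenPGP packet format is not reproduced. Both optional branches are taken (signature and confidentiality both required).

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"io"
)
func aead(ks []byte) cipher.AEAD { b, _ := aes.NewCipher(ks); g, _ := cipher.NewGCM(b); return g }
// pgpSend follows the transmission flow: X <- Sig||X, X <- Z(X), X <- E(PUb,Ks)||E(Ks,X), X <- R64[X].
func pgpSend(msg []byte, signKey ed25519.PrivateKey, pub *rsa.PublicKey) (string, error) {
	x := append(ed25519.Sign(signKey, msg), msg...) // 64-byte signature prepended to the file
	var zb bytes.Buffer                             // compress: X <- Z(X)
	zw := zlib.NewWriter(&zb)
	zw.Write(x)
	zw.Close()
	ks, nonce := make([]byte, 32), make([]byte, 12) // fresh one-time session key Ks and GCM nonce
	if _, err := rand.Read(ks); err != nil { return "", err }
	if _, err := rand.Read(nonce); err != nil { return "", err }
	ct := aead(ks).Seal(nonce, nonce, zb.Bytes(), nil)                 // E(Ks, X) = nonce||ct||tag
	ek, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ks, nil) // E(PUb, Ks), one RSA block
	if err != nil { return "", err }
	return base64.StdEncoding.EncodeToString(append(ek, ct...)), nil   // R64[E(PUb,Ks) || E(Ks,X)]
}

// pgpReceive reverses it: R64^-1, Ks <- D(PRb,.), X <- D(Ks,.), X <- Z^-1(X), strip and verify signature.
func pgpReceive(armored string, verifyKey ed25519.PublicKey, priv *rsa.PrivateKey) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(armored)
	if err != nil { return nil, err }
	n := priv.Size() // the RSA-OAEP block carrying Ks is exactly one modulus length
	if len(raw) < n+12 { return nil, errors.New("truncated message") }
	ks, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, raw[:n], nil)
	if err != nil { return nil, err }
	z, err := aead(ks).Open(nil, raw[n:n+12], raw[n+12:], nil) // any bit flip in the armor fails here
	if err != nil { return nil, err }
	zr, err := zlib.NewReader(bytes.NewReader(z))
	if err != nil { return nil, err }
	x, err := io.ReadAll(zr)
	if err != nil || len(x) < ed25519.SignatureSize { return nil, errors.New("corrupt payload") }
	sig, body := x[:ed25519.SignatureSize], x[ed25519.SignatureSize:]
	if !ed25519.Verify(verifyKey, body, sig) { return nil, errors.New("signature does not verify") }
	return body, nil
}
```

Note that the receiver checks integrity (GCM tag) before decompressing and only then verifies the signature, so a forged or tampered armor is rejected before any of its content is trusted.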


Secure Electronic Transaction
[Diagram: SET participants. The Cardholder and the Merchant interact across the Internet; a Certificate authority issues their certificates; the Merchant reaches the Acquirer through the Payment gateway, and the Acquirer reaches the Issuer through the Payment network.]
Host Threats
• Viruses, Trojan horses, and worms
• Footprinting
• Profiling
• Password cracking
• Denial of service
• Arbitrary code execution
• Unauthorized access
Thank You
