scenario
Contents:
• What Do We Mean By Security?
• The Foundations of Security
• General Types of Attacks
• Network Threats
• Web traffic security approaches
• IP Security (IPSec)
• Secure Socket Layer
• Kerberos
• Pretty Good Privacy
• Secure Electronic Transaction
• Host Threats
What Do We Mean By Security?
Security is fundamentally about protecting assets. Assets may be tangible items, such as a Web page or your customer database, or they may be less tangible, such as your company's reputation.
The Foundations of Security
Attacks
Threats
Vulnerabilities
General Types of Attacks
• Active Attacks
  ◦ Masquerade
  ◦ Replay
  ◦ Modification of messages
  ◦ Denial of service
• Passive Attacks
  ◦ Release of message contents
  ◦ Traffic Analysis
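Release of message contents
[Figure: Bob sends a message to Alice over the Internet; Darth reads the contents of the message from Bob to Alice.]
Traffic Analysis
[Figure: Bob and Alice connected over the Internet.]
Masquerade
[Figure: Bob and Alice connected over the Internet; a message from Darth appears to be from Bob.]
Replay
[Figure: Bob and Alice connected over the Internet.]
Modification of messages
[Figure: Bob and Alice connected over the Internet.]
Denial of service
[Figure: Bob and a server connected over the Internet; Darth disrupts services provided by the server.]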
Network Threats
● Information gathering
● Sniffing
● Spoofing
● Session hijacking
● Denial of service
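Web traffic security approaches
[Figure: two protocol stacks. First stack: HTTP, FTP, SMTP over TCP over IP/IPSec. Second stack: HTTP, FTP, SMTP over SSL or TLS over TCP over IP. Further panel label: Application Level.]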
IP Security (IPSec)
[Figure: Architecture; Encryption algorithm; Authentication algorithm; DOI; Key Management.]
[Figure: Kerberos. Labels: ticket-granting server (TGS); request service-granting ticket; ticket + session key; once per type of service; request service; once per service session; provide server authenticator.]
Pretty Good Privacy
[Flowcharts: Transmission of PGP Messages]
Sending:
1. X ← file
2. Signature required? Yes: generate signature, X ← Signature || X. No: continue.
3. Compress: X ← Z(X)
4. Convert to radix 64: X ← R64[X]
Receiving:
1. Convert from radix 64: X ← R64⁻¹[X]
2. Confidentiality required? Yes: decrypt key, then X: Ks ← D(PRb, E(PUb, Ks)); X ← D(Ks, E(Ks, X)). No: continue.
3. Decompress: X ← Z⁻¹(X)
4. Signature required? Yes: strip signature from X, verify signature. No: continue.
[Figure: Cardholder; Internet; Certificate authority; Issuer; Payment Network; Acquirer; Payment gateway.]
Host Threats
• Viruses, Trojan horses, and worms
• Footprinting
• Profiling
• Password cracking
• Denial of service
• Arbitrary code execution
• Unauthorized access
Thank You