Network Security and

Web Services
Sivappriya.S
2nd Year CSE
Ganesh Engineering College
m e Network Security on web
services as become mandatory due
to acking process

m ere are many kinds of acking

tec nologies available. I will s ow you a
video about a person acking a traffic
signal. He acks t e traffic signal and
c anges it into is required signal. m is
video is taken from you tube
m



  

jackers: enjoy intellectual challenges of

overcoming software limitations and
how to increase capabilities of systems
Crackers: illegally break into other
peopleƞs secure systems and networks
Cyber Terrorists: threaten and attack
other peopleƞs computers to further a
social or political agenda
  




 The challenge... Ɲbecause itƞs there!ƞ
 Ego
 Espionage
 Ideology
 Mischief
 Money (extortion or theft)
 Revenge
Ô

Ô


 




 

  
Ô





 !
 

 "
 # 


$
% 


&  " 
ÔÔ
'  
#

#


"#

' 
 


   


(


)



 


   *
+
 
! ,(
-   
. 
/  

' 


  
Ô


0Ô
 *

Source: www.sophos.com
m



  

Malware Writers: responsible for the

creation of malicious software
Samurai: hackers hired to legally enter
secure computer/network environments
ƝPhreakersƞ: Focus on defeating telephone
systems and associated communication
technologies
m



  
ƝPhishingƞ: sending out Ɲscamƞ e-mails with
the criminal intent of deceit and extortion.
Spam: unsolicited and/or undesired bulk e-
mail messages, often Ɲsellingƞ a product
Zombie Computers: Yours?

I will explain the above terms bit detail.

hm 
 

Spam
r    otnet

ë


 

      
   

 
          

    



  
ë botnet's originator can control the group remotely, and
usually for nefarious purposes such as the sending of
mass spam.

Source: www.wikipedia.org
Π

Phishing is a technique used by strangers
to "fish" for information about you,
information that you would not normally
disclose to a stranger, such as your bank
account number, PIN, and other personal
identifiers. These messages often contain
company/bank logos that look legitimate
and use flowery or legalistic language
about improving security by confirming
your identity details. O ample Omails From ICICI will
come as ICICIe, Paypal.
Π
 
m
 h
Malware is Malicious
Software - deliberately
created and specifically
designed to damage,
disrupt or destroy
network services,
computer data and
software.
There are several types...

m


 Conceal themselves
 Infect computer systems
 Replicate themselves
 Deliver a Ɲpayloadƞ

m


Programs that are capable of
independently propagating
throughout a computer
network.
They replicate fast and
consume large amounts of
the host computers memory.

m
m



Programs that contain hidden
functionality that can harm
the host computer and the
data it contains.
.

m
 
 
Time Bombs - triggered by a
specific time/date
Logic Bombs - triggered by a
specific event
Both are introduced some time
before and will damage the
host system
m


 m 

jackers can leave their Ɲgraffiti ( Drawing

Messages etc..)ƞ on other peopleƞs
websites. Below sites were hacked long
time back.
 FBI and CIA
 NASA
 British Labour and Conservative Parties
 New York Times
 m

 !

Aljazeera TV Website jacked and Defaced. The Site is

Aljazeera and the hacker displays some false comment on it
 m
Said to be on
Banks.

2ood O ample for t e Network security and

web service I feel is t e banking sector
securities

Normally all t e banks ave website

security, Initially I will e plain t e type of
focus t ey give on Web security.
All the banks have website security, Initially I will
explain the type of web security.

The username and password for accessing the bank

websites.

Password encryption.

Password length: ie the number of character used

for the passwords.

Password Strength: combination of Characters,

Numbers, Special characters.

Password expiry after 30 days, Need to change the

password every 30 days.

We can also see some websites are using Keyboard

security( example mashreq) this security is good
enough. This is given because even when a user
uses the keyboard hardware and the computer can
hacked.
O ample of a  ank S owing t e
Virtual keyboard for security.

Now bankers are
issuing Secure ID
Card.

This card has a

digital display,
this has a 6 digit
password
numbers. And this
number changes
every 60 seconds.

0sually everyone use
www i.e. ttp port 80
ie user friendly, So
ackers target t ese
kinds of Protocol, now
secured websites are
being used ttps 443
for security reasons.
0sually w ile opening
t is kind of secure
website t ere is a
warning message to
continue.

It's ard to know w o you can trust on t e
Internet. Is t at really my bank's website I'm
viewing t roug my browser? Is t ere a real
business be ind t at site. How do I know I'm
looking at t e rig t website? Internet O plorer 8
supports t e new O tended Validation SSL
(Secure Socket Layer) certificates to elp users
better answer t ese questions and see identity
information for websites.  elow screen s ot will
elp you to know if really a website can be trusted
or not
2reen Colour indicates t is is a
secured website.