Session 10: Network Security and E-Commerce
Course: M0284 / Teknologi & Infrastruktur E-Business (E-Business Technology & Infrastructure)
Year: 2005
Version: <<version/revision>>

Post on 21-Dec-2015



Learning Objectives

• Understand how viruses operate and how to protect systems from them.

Virus Protection

• Virus categories
  – File infectors
  – System or boot-record infectors
  – Macro viruses
  – Worms (strictly speaking, a worm is a self-contained program that spreads over the network by itself rather than by infecting a host file; texts of this period group worms with viruses)

Virus Protection

• Backup and recovery
  – Organizations need clear, written procedures for backup and recovery:
    • Onsite
    • Offsite
    • Timed (scheduled) backups
  – The organization must enforce these procedures.
  – Take advantage of newer technologies:
    • Compression
    • Optical storage
  – Clear recovery procedures: a backup that has never been restored is untested, so restores should be rehearsed and the restored data checked against what was backed up.
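The backup-and-recovery procedure above, carried through as a runnable drill: compressed archive, an integrity manifest taken before archiving, a restore into a separate location, and a comparison of the two. This is an added example and not material from the lecture slides; the file names, contents and directory layout are constructed for the demonstration.

```python
"""Backup with compression, an integrity manifest and a rehearsed restore.

Added example, not from the lecture slides. The file names and contents are
constructed sample data; the directory layout is an assumption made for the
demonstration.
"""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List

# Constructed sample data standing in for a shop's data directory.
SAMPLE_FILES = {
    "orders/2005-01.csv": b"order_id,amount\n1001,49.90\n1002,120.00\n",
    "config/app.ini": b"[db]\nhost=db.internal\n",
}


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(src: Path, archive: Path) -> Dict[str, str]:
    """Write a gzip-compressed tar of src and return the manifest of what was
    backed up. The manifest is taken from the live data before archiving, so
    the recovery check compares against what should have been saved."""
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return manifest


def restore_backup(archive: Path, dest: Path) -> None:
    """Extract the archive into dest, refusing any entry whose path would land
    outside dest (so a damaged or tampered archive cannot overwrite files
    elsewhere on the recovery host)."""
    dest_root = str(dest.resolve())
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            target = str((dest / member.name).resolve())
            if os.path.commonpath([target, dest_root]) != dest_root:
                raise ValueError(f"unsafe path in archive: {member.name}")
        tar.extractall(dest)


def verify_restore(manifest: Dict[str, str], restored: Path) -> List[str]:
    """Files that are missing, extra or changed after the restore."""
    actual = build_manifest(restored)
    return sorted(p for p in set(manifest) | set(actual) if manifest.get(p) != actual.get(p))


def rehearse(tamper: bool = False) -> List[str]:
    """Full drill: stage the sample data, back it up, restore it elsewhere and
    verify. With tamper=True one restored file is altered so the check fails,
    which is the kind of problem a recovery drill exists to surface."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        for rel, content in SAMPLE_FILES.items():
            f = src / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(content)
        archive = Path(tmp) / "backup.tar.gz"
        manifest = create_backup(src, archive)
        dest = Path(tmp) / "restore"
        dest.mkdir()
        restore_backup(archive, dest)
        if tamper:
            (dest / "config" / "app.ini").write_bytes(b"[db]\nhost=unknown\n")
        return verify_restore(manifest, dest)


if __name__ == "__main__":
    print("problems after clean restore:", rehearse())
    print("problems after tampered restore:", rehearse(tamper=True))
```

The manifest is the piece most backup scripts skip: without it a restore can "succeed" while silently returning stale or altered data, which is exactly what the tampered run shows.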

Firewalls

• Needed by enterprises and service providers, small offices, and consumers with Internet access alike.
• Design goals of a firewall:
  – Control traffic from inside to outside and vice versa.
  – Enforce the local security policy.
  – Avoid penetration through simplicity: a firewall that is simple to understand is harder to misconfigure and easier to audit.
    • A clear set of rules
    • Easily maintained
    • Assigned responsibilities

Firewalls

• Firewalls can be classified as:
  – Packet-filtering routers
  – Circuit-level gateways
  – Application-level gateways
• Proxy servers

Firewalls: Packet-Filtering Router

• Applies a set of rules to each incoming (and outgoing) packet.
• Filtering rules are based on header fields of the packet: source and destination IP address, protocol, source and destination port, and TCP flags such as SYN and ACK.
• Rules are evaluated in order and the first match decides; the last rule should deny everything not explicitly permitted.
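A packet-filtering router's rule evaluation, written out as code. This is an added example, not from the lecture slides: the rule table, the addresses and the sample packets are constructed (RFC 1918 and documentation ranges), and the "established" rule deliberately uses the stateless trick of trusting the ACK bit so that its weakness can be seen.

```python
"""Stateless packet filter, as a packet-filtering router would apply it.

Added example, not from the lecture slides. The rule table and the sample
packets are constructed for the demonstration; the addresses are RFC 1918
and documentation ranges chosen as assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False   # TCP SYN flag
    ack: bool = False   # TCP ACK flag


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"       # any source
    dst: str = "0.0.0.0/0"       # any destination
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port
    established: bool = False    # only match TCP segments with ACK set

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True


# Assumed layout: inside network 10.0.0.0/8, public web server 10.1.1.10.
RULES: List[Rule] = [
    # Anyone may open connections to the web server.
    Rule("permit", dst="10.1.1.10/32", proto="tcp", dport=80),
    Rule("permit", dst="10.1.1.10/32", proto="tcp", dport=443),
    # Replies to connections opened from inside. A stateless filter can only
    # approximate this by trusting the ACK bit; a stateful firewall tracks
    # the connection instead.
    Rule("permit", dst="10.0.0.0/8", proto="tcp", established=True),
    # Anything originating inside may go out.
    Rule("permit", src="10.0.0.0/8"),
    # Default deny: matches everything that reached this point.
    Rule("deny"),
]


def filter_packet(p: Packet, rules: List[Rule] = RULES) -> str:
    """First-match evaluation; returns 'permit' or 'deny'."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"  # only reached if someone removes the trailing deny rule


# Constructed sample traffic.
SAMPLES: Dict[str, Packet] = {
    "inbound http syn":  Packet("203.0.113.5", "10.1.1.10", "tcp", 40000, 80, syn=True),
    "inbound ssh syn":   Packet("203.0.113.5", "10.1.1.10", "tcp", 40001, 22, syn=True),
    "reply to outbound": Packet("198.51.100.7", "10.0.0.25", "tcp", 443, 51000, ack=True),
    "spoofed ack probe": Packet("198.51.100.7", "10.0.0.25", "tcp", 443, 22, ack=True),
    "outbound dns":      Packet("10.0.0.25", "198.51.100.53", "udp", 53000, 53),
    "inbound udp":       Packet("198.51.100.7", "10.0.0.25", "udp", 53, 53000),
}


def decisions() -> Dict[str, str]:
    """Verdict for every sample packet under RULES."""
    return {name: filter_packet(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:18s} -> {verdict}")
```

Note the "spoofed ack probe": a bare ACK aimed at port 22 is permitted by the established rule even though no connection exists, which is why a stateless ACK-based rule is weaker than connection tracking.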

Firewalls: Circuit-Level Gateway

• Establishes connections between users on the outside and users on the inside.
• No direct end-to-end link: the gateway terminates the client's TCP connection and opens a second one to the server, relaying segments between the two (TCP redirection).
• Operates at the transport layer: once a connection has been permitted it relays the TCP segments without examining their application-layer content.

Firewalls

• Multilevel firewalls
  – Based on the fact that an intruder can be repelled, or at least slowed down, by multiple layers of defense, for example a packet-filtering router in front of an application-level gateway, so that each layer has to be defeated separately.

Firewalls: Application-Level Gateway

• Establishes connections at the application level: the gateway understands the protocol (HTTP, SMTP, FTP, ...) and relays requests on the client's behalf.
• Stricter security than packet filtering, because it can check the content of each request rather than only the packet headers.
• Proxy servers are functionally similar.
• Proxy servers also act as cache servers to enhance performance.
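The difference between the circuit-level gateway and the application-level gateway described above, shown on the same client traffic. This is an added example, not from the lecture slides, and it uses in-memory byte strings rather than real sockets: the client requests are constructed, and the policy (only GET and HEAD to www.example.com over port 80) is an assumption chosen to make the contrast visible.

```python
"""Circuit-level relay versus application-level gateway on the same traffic.

Added example, not from the lecture slides. The client requests are
constructed; the policy (only GET/HEAD to www.example.com on port 80) is an
assumption made for the demonstration.
"""
from typing import Dict, Optional, Tuple

ALLOWED_PORTS = {80}
ALLOWED_HOSTS = {"www.example.com"}
ALLOWED_METHODS = {"GET", "HEAD"}


def circuit_level_relay(dst_port: int, client_bytes: bytes) -> Optional[bytes]:
    """Circuit-level gateway: decides once, at connection set-up, here on the
    destination port alone; afterwards it relays bytes without looking."""
    if dst_port not in ALLOWED_PORTS:
        return None          # connection refused, nothing forwarded
    return client_bytes      # relayed verbatim, content never inspected


def parse_http_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str]]:
    """Minimal HTTP/1.x request parser: method, target, version, headers.
    Raises ValueError when the bytes are not an HTTP request line."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def application_level_gateway(dst_port: int, client_bytes: bytes) -> Optional[bytes]:
    """Application-level gateway: understands HTTP and enforces policy on it."""
    if dst_port not in ALLOWED_PORTS:
        return None
    try:
        method, target, version, headers = parse_http_request(client_bytes)
    except ValueError:
        return None          # not HTTP: refuse rather than relay blindly
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return None
    if method not in ALLOWED_METHODS:
        return None
    if headers.get("host") not in ALLOWED_HOSTS:
        return None
    # Re-emit a normalised request instead of forwarding the original bytes,
    # so the server only ever sees framing the gateway itself produced. Only
    # the Host header is carried over in this demonstration.
    out = f"{method} {target} {version}\r\nHost: {headers['host']}\r\nConnection: close\r\n\r\n"
    return out.encode("iso-8859-1")


# Constructed sample client traffic, all destined for port 80.
SAMPLES: Dict[str, bytes] = {
    "plain get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "post to admin": (b"POST /admin/login HTTP/1.1\r\nHost: www.example.com\r\n"
                      b"Content-Length: 9\r\n\r\nuser=root"),
    "wrong host": b"GET / HTTP/1.1\r\nHost: internal.corp\r\n\r\n",
    "not http": b"SSH-2.0-OpenSSH_7.9\r\n",
}


def compare() -> Dict[str, Tuple[bool, bool]]:
    """Per sample: (circuit-level forwards it, application-level forwards it)."""
    return {
        name: (circuit_level_relay(80, raw) is not None,
               application_level_gateway(80, raw) is not None)
        for name, raw in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (circuit, application) in compare().items():
        print(f"{name:14s} circuit-level={circuit!s:5s} application-level={application!s}")
```

Every sample passes the circuit-level relay, because port 80 was permitted once and the content is never read; the application-level gateway rejects the POST, the foreign Host and the non-HTTP stream, which is the "stricter security" the slide refers to.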

Security Audit

• Security audits feature:
  – Top-down interviews
  – Identification of deviations from existing policies
  – Analysis using a proven security practices methodology (SPM)
• Many companies outsource audits:
  – Based on cost
  – Based on skills

Security Levels

• Security of the organization
  – Select the right solution
  – Intrusion detection
• Security of the client
  – Protection at the browser
  – Protection through a virtual private network
• Security of third parties
  – Distributed denial of service (DDoS) attacks
  – Filtering outbound traffic, so that compromised internal hosts cannot be used to attack others

Security Levels - Clients

• Connections to the Internet are not anonymous.
  – Privacy issues
• Transactions may leave residual information on the client:
  – Caching
  – Cookies
  – Logs
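The residual information left by caching and cookies is governed by the response headers the server sends, so a server-side check is the practical countermeasure. The following is an added example, not from the lecture slides: it inspects a response's Cache-Control and Set-Cookie headers and reports what would linger on the client. The two sample responses are constructed, and the cookie-lifetime threshold is an assumption.

```python
"""Does an e-commerce response let transaction data linger on the client?

Added example, not from the lecture slides. The sample responses are
constructed; the cookie lifetime threshold is an assumption.
"""
from typing import Dict, List, Tuple

# Assumption: a session cookie should not outlive a working day.
MAX_SESSION_COOKIE_AGE = 8 * 3600

Header = Tuple[str, str]


def parse_set_cookie(value: str) -> Dict[str, str]:
    """Split 'name=val; Attr; Attr=val' into a lower-cased attribute map; the
    cookie's own name and value are kept under the __name__/__value__ keys."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {"__name__": name.strip(), "__value__": cookie_value.strip()}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return attrs


def check_response(headers: List[Header]) -> List[str]:
    """Findings for a response that carries transaction or account data."""
    findings: List[str] = []
    directives = {
        d.strip().lower()
        for name, value in headers if name.lower() == "cache-control"
        for d in value.split(",")
    }
    if "no-store" not in directives:
        findings.append("response is storable by browser and proxy caches: add 'Cache-Control: no-store'")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        c = parse_set_cookie(value)
        cname = c["__name__"]
        if "secure" not in c:
            findings.append(f"cookie {cname}: missing Secure, will also be sent over plaintext HTTP")
        if "httponly" not in c:
            findings.append(f"cookie {cname}: missing HttpOnly, readable by scripts in the page")
        lifetime = None
        if "max-age" in c:
            try:
                lifetime = int(c["max-age"])
            except ValueError:
                findings.append(f"cookie {cname}: unparsable Max-Age {c['max-age']!r}")
        if "expires" in c or (lifetime is not None and lifetime > MAX_SESSION_COOKIE_AGE):
            findings.append(f"cookie {cname}: persistent, survives closing the browser")
    return findings


# Constructed: a checkout page response as a careless shop might send it.
WEAK_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),
    ("Set-Cookie", "cart=item42; Path=/; Expires=Wed, 21 Dec 2016 00:00:00 GMT"),
]

# Constructed: the same response with the residual-information problems fixed.
HARDENED_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    ("Cache-Control", "no-store"),
    ("Pragma", "no-cache"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}:")
        for finding in check_response(resp) or ["no findings"]:
            print("  -", finding)
```

Pragma: no-cache is kept in the hardened response only for HTTP/1.0 caches; it is Cache-Control: no-store that stops the checkout page from being written to disk.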

Security Levels - Clients

• Countermeasures in Netscape & Internet Explorer

Directory Services

• Definition
  – A network service that identifies all resources on a network and makes them accessible to users and applications.
• Standards
  – X.500 is an ISO and ITU standard that defines how global directories should be structured. X.500 directories are hierarchical: each entry is named by a distinguished name that lists its path from the leaf up to the root of the tree (for example cn=..., ou=..., o=..., c=...).
  – LDAP was conceived as a way to simplify access to a directory service modeled according to the X.500 standards; it runs directly over TCP/IP instead of the full OSI stack required by X.500's own access protocol. LDAP has emerged as the solution needed to make global directory services a reality.
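The X.500 hierarchy is visible in the distinguished names LDAP uses, and any code that builds LDAP queries from user input has to keep that input from altering the query. The following added example (not from the lecture slides) parses a DN into its components, walks up to the root, and escapes a value before placing it in a search filter. The DN and the user input are constructed; escaping follows RFC 4514 (distinguished names) and RFC 4515 (search filters) as far as this example needs.

```python
"""Walking the X.500 hierarchy in an LDAP distinguished name, and building a
search filter from untrusted input without letting it change the query.

Added example, not from the lecture slides. The DN and the user-supplied
values are constructed; escaping follows RFC 4514 (DNs) and RFC 4515
(search filters).
"""
from typing import List, Tuple

RDN = Tuple[str, str]  # (attribute type, value)


def _split_rdn(text: str) -> RDN:
    attr, sep, value = text.partition("=")
    if not sep:
        raise ValueError(f"malformed RDN: {text!r}")
    return attr.strip().lower(), value.strip()


def parse_dn(dn: str) -> List[RDN]:
    """Split a DN into RDNs, leaf first, honouring backslash escapes so that
    an escaped comma inside a value does not split the entry."""
    rdns: List[RDN] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            rdns.append(_split_rdn("".join(buf)))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append(_split_rdn("".join(buf)))
    return rdns


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for a value that is written back into a DN string."""
    out = []
    last = len(value) - 1
    for idx, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == "#" and idx == 0) or (ch == " " and idx in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ancestors(dn: str) -> List[str]:
    """Every entry above dn in the tree, nearest parent first, up to the root.
    This is the X.500 hierarchy made explicit."""
    rdns = parse_dn(dn)
    return [
        ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns[k:])
        for k in range(1, len(rdns))
    ]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter, so user
    input cannot introduce its own operators or wildcards."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def user_lookup_filter(uid: str) -> str:
    """Search filter for a login lookup; uid comes from the user and is escaped."""
    return f"(&(objectClass=person)(uid={escape_filter_value(uid)}))"


if __name__ == "__main__":
    # Constructed entry; the escaped comma is the case naive splitting gets wrong.
    dn = "cn=Wijaya\\, Rina,ou=Sales,o=Example Corp,c=ID"
    print("RDNs:", parse_dn(dn))
    for parent in ancestors(dn):
        print("  above:", parent)
    print(user_lookup_filter("rina"))
    print(user_lookup_filter("*)(uid=*"))   # hostile input stays a literal
```

Without the filter escaping, the second lookup would become `(&(objectClass=person)(uid=*)(uid=*))` and match every person in the directory; with it, the parentheses and wildcards are encoded and the filter still searches for one literal uid.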

Directory Services

• Current products
  – A number of them are based on the Lightweight Directory Access Protocol (LDAP):
    • CP: Injoin Directory Server v3.X
    • NETSCAPE: iPlanet Directory Server 4.11
    • NOVELL: NDS eDirectory Version 8.X
    • ORACLE: Oracle Internet Directory 2.X
    • Microsoft Active Directory Service

Directory Services

• Single Sign-On
  – A user needs only one user ID and password, which removes the headaches and vulnerabilities that come with juggling multiple IDs and passwords (reuse across systems, weak choices, passwords written down).
  – Frees security administrators from the mundane task of assigning and resetting passwords.
  – Single Sign-On should work across all platforms, databases, and applications and include out-of-the-box support for third-party technologies such as authentication services, PKI, and smart cards.
  – Caveat: the one credential now unlocks everything, so it has to be protected more strongly than any of the passwords it replaces; that is where the PKI and smart-card support above earns its place.