jump to first page internet security in perspective yong cao december 2000

Jump to first page

Internet Security in Perspective

Yong CaoDecember 2000

Jump to first page

Overview Introduction Security threats Integrated security Control measures Summary

Jump to first page

Growth of the Internet

Jump to first page

Security Threats Unauthorized access User misrepresents identity Access to unauthorized data Data intercepted, read or modified Virus attacks Hackers

Jump to first page

Integrated SecuritySecure transaction: Confidentiality: others cannot eavesdrop on an exchange. Integrity: the messages received are identical to the messages sent. Authenticity: you are assured of the persons with whom you are

making an exchange. Non-Repudiability: none of the involved parties can deny that the

exchange took place.

Secure access: Access control: prevent unauthorized users. Audit trials: track down the users.

Jump to first page

Control measures Firewalls Cryptography Digital signature Virus control

Jump to first page

Firewalls Protect nets with unsafe hosts Single point of control and expertise The firewall is often the only secure

piece of an Internet arrangement Backdoors usually diminish the

effectiveness of a firewall Proxy server

Jump to first page

Cryptography Transforming of information into a form

unreadable by anyone without a secret decryption key.

Secret Key (Symmetric) Public Key (Asymmetric) PGP

Jump to first page

Digital Signature A digital signature shows that the

person who signed the document had access to the private key and the pass phrase for the key indicated by the signature and that the document has not been modified since it was signed.

PGP

Jump to first page

Virus Control Using anti-virus software to scan

known viruses to protect the computers.

Need to update frequently. McAfee VirusScan

Jump to first page

Secure Sockets Layer (SSL) Developed by Netscape Communications,

SSL is a security-enhanced abstraction of sockets that provides transaction security at the link or transport level. With SSL, security properties are attached to the link or channel of communication between two parties, not the documents themselves.

Utilizing public and private keys, message digests, digital signatures, and certificates

Jump to first page

Summary Security is a big concern in internet use. Integrated security should have

confidentiality, integrity, authenticity, non-repudiability, access control, audit trials.

The common security controls are firewalls, cryptography, digital signature, virus control.