document security & firewall
DESCRIPTION
This is presentation on security of documents over internet, how yo protect them and achieve organizational goal by maintaining confidentiality, providing access control and get secure with the use of firewall.TRANSCRIPT
Institute of Management StudiesInstitute of Management StudiesDAVV, IndoreDAVV, Indore
Document Security And FirewallDocument Security And Firewall
Session - 2014Session - 2014
Presentation to:
Achal Hardia
Faculty IMS, DAVV
Presentation By:Rupa DwivediSakshi JainSanjay SinghShubhangi MahajanE-Commerce, 2nd Sem
ContentContent• Introduction to Document Security• Criteria of Document Security• Techniques of Document Security• Firewall• Types of Firewall• Conclusion
Introduction to document Introduction to document SecuritySecurity
Document Security: The protection of documents against the deliberate or accidental access of unauthorized persons.
Main reason why organization need to address the security of electronically shared documents:
◦Regulatory requirements
◦Return on investment (ROI)
◦ Information security
Regulatory requirementsMany companies are directly or indirectly affected by government mandates and regulations for providing consumer privacy.
Return on investment (ROI)◦ Significant ROI can be achieved by migrating to
electronic business processes◦ Automated workflows allow prospects,
customers, partners, and suppliers to participate, enabling organizations to reap significant cost savings while improving customer satisfaction and loyalty
Information securityThefts of proprietary information are increasing, which can jeopardize revenue, competitive advantage, and customer relationships; generate negative publicity; and result in significant penalties and fines for failure to comply with privacy laws.
How to provide document securityHow to provide document security
• The following criteria define persistent document security:
– Confidentiality—Who should have access to the document?
– Authorization—What permissions does the user have for working with the document?
– Accountability—What has the recipient done with the document?
– Integrity—How do you know if the document has been altered?
– Non-repudiation—Can the signatory deny signing the document?
– Authenticity—How do you know where the document came from?
Security Techniques
Document control Digital signatures
Document ControlDocument ControlEncryption is the process of transforming
information (plaintext) into an incomprehensible form (ciphertext). Encryption is an effective technique for managing document access.
Decryption is the reverse process that transforms ciphertext back to the original plaintext.
Cryptography refers to the two processes of encryption and decryption and its implementation is referred to as a cryptosystem.
Digital signaturesDigital signatures
When enterprises distribute documents electronically, it is often important that recipients can verify:◦ That the content has not been altered (integrity)◦ That the document is coming from the actual
person who sent it (authenticity) ◦ That an individual who has signed the document
cannot deny the signature(non-repudiation)
Apply code
Create unique hash/ ID of electronic document
Apply digital signature
Confidentiality
Authorization
Accountability
Integrity
Authenticity
Non-repudiation
• Sign signature page
• Submit 15-20 pages (non-secure) with signature page to LoC
• Only page authenticated is signature page
Digital Signatures
Complete document is locked and verifiable
Signature ProcessSignature Process
Hash Function
100011101101
Encrypt Using Signer’s
Private Key
Attach to Data
Authorized/Signed Data
110101101101
PDFData• Data is converted to pdf
document
• A unique hash key is computed for pdf document
• User supplied key is used to encrypt the hash key
• The encrypted hash key is attached to the pdf document
• Document is digitally signed
Conclusion To Document Conclusion To Document SecuritySecurity
A significantly more effective solution for protecting an electronic document is to assign security parameters that are an integral part of the document itself.
By applying security parameters to the individual document, organizations gain greater assurance in the confidentiality, authenticity, and integrity of electronically shared documents in addition to securing the communication line or storage location.
As organizations accelerate online processing, External security solutions deliver document control and digital signature services that simplify the process of protecting sensitive electronic documents and forms.
What is firewall ?What is firewall ?
A firewall is a software feature designed to control the flow of traffic into and out-of a network. A firewall is a specially programmed router that sits between a site and the rest of the network . It is used to enforce security policy .
HOW FIREWALL WORK ?HOW FIREWALL WORK ?
Types of firewalls ?Types of firewalls ?Packet filtersCircuit levelApplication levelStateful multilayer
Packet FilteringPacket Filtering
Circuit Level GatewayCircuit Level Gateway
Application LevelApplication Level
Stateful MultilayerStateful Multilayer
General PerformanceGeneral Performance
Free Firewall Software Free Firewall Software PackagesPackagesIP Chains & IP Tables
◦comes with most linux distributions
SELinux (Security Enabled Linux – NSA)◦comes with some Linux distributions
Fedora, RedHat
Home & Personal Routers Provide ◦configurable packet filtering◦ NAT/DHCP
Enterprise Firewalls Cisco PIX (product family) MS Internet Security & Acceleration
Server
ConclusionConclusionIt is clear that some form of
security for private networks connected to the Internet is essential
A firewall is an important and necessary part of that security, but cannot be expected to perform all the required security functions.
