jump to first page internet security in perspective yong cao december 2000
DESCRIPTION
Jump to first page Growth of the InternetTRANSCRIPT
Jump to first page
Internet Security in Perspective
Yong CaoDecember 2000
Jump to first page
Overview Introduction Security threats Integrated security Control measures Summary
Jump to first page
Growth of the Internet
Jump to first page
Security Threats Unauthorized access User misrepresents identity Access to unauthorized data Data intercepted, read or modified Virus attacks Hackers
Jump to first page
Integrated SecuritySecure transaction: Confidentiality: others cannot eavesdrop on an exchange. Integrity: the messages received are identical to the messages sent. Authenticity: you are assured of the persons with whom you are
making an exchange. Non-Repudiability: none of the involved parties can deny that the
exchange took place.
Secure access: Access control: prevent unauthorized users. Audit trials: track down the users.
Jump to first page
Control measures Firewalls Cryptography Digital signature Virus control
Jump to first page
Firewalls Protect nets with unsafe hosts Single point of control and expertise The firewall is often the only secure
piece of an Internet arrangement Backdoors usually diminish the
effectiveness of a firewall Proxy server
Jump to first page
Cryptography Transforming of information into a form
unreadable by anyone without a secret decryption key.
Secret Key (Symmetric) Public Key (Asymmetric) PGP
Jump to first page
Digital Signature A digital signature shows that the
person who signed the document had access to the private key and the pass phrase for the key indicated by the signature and that the document has not been modified since it was signed.
PGP
Jump to first page
Virus Control Using anti-virus software to scan
known viruses to protect the computers.
Need to update frequently. McAfee VirusScan
Jump to first page
Secure Sockets Layer (SSL) Developed by Netscape Communications,
SSL is a security-enhanced abstraction of sockets that provides transaction security at the link or transport level. With SSL, security properties are attached to the link or channel of communication between two parties, not the documents themselves.
Utilizing public and private keys, message digests, digital signatures, and certificates
Jump to first page
Summary Security is a big concern in internet use. Integrated security should have
confidentiality, integrity, authenticity, non-repudiability, access control, audit trials.
The common security controls are firewalls, cryptography, digital signature, virus control.