Security and the internet

ITSS 4201 Internet Insurance and Information Hiding

Security in e-commerce

University of Palestine
Eng. Wisam Zaqoot
March 2010

Security
• You have to protect a computer system and data from deliberate or accidental damage:
  • Natural disasters
  • Fire
  • Accidents
  • Vandalism
  • Theft
  • Theft or destruction of data
  • Industrial espionage
  • Hackers

Security: Identification and Access
• Provide access to authorized individuals only
• Authentication and Authorization

Authentication
• Authentication: you try to answer ‘Who are you?’
  • Password
  • Identification number
  • Combination of password and ID number
  • Fingerprints
  • Voice pattern
  • Retina of the eye
  • Entire face

Authorization
• Authorization: you try to answer ‘What are you allowed to do?’
• Ideally, a specific user is allowed to do specific things and is prevented from doing specific things.

Security: Identification and Access
• Internal controls
  • Transaction log
• Auditor checks
  • Who has accessed data during periods when that data is not usually used?
• Built-in software protection
  • Record unauthorized access attempts
  • User profile

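An added example, not part of the original slides: one way to run the auditor check and the record of unauthorized access attempts described above over a transaction log. The log format, user names, usual-hours windows and the threshold of three denials are assumptions, and the sample lines are constructed.

```python
from collections import Counter
from datetime import datetime, time

# Constructed sample transaction log (not from the slides).
# Assumed line format: ISO timestamp, user, resource, result (OK or DENIED).
SAMPLE_LOG = """\
2010-03-01T09:15:00 amal payroll OK
2010-03-01T14:40:00 omar payroll OK
2010-03-02T02:10:00 omar payroll OK
2010-03-02T02:12:00 sami payroll DENIED
2010-03-02T02:13:00 sami payroll DENIED
2010-03-02T02:14:00 sami payroll DENIED
2010-03-02T10:05:00 amal orders OK
2010-03-02T23:30:00 amal orders OK
"""

# Assumed "usual use" window per resource: (start, end) in local time.
USUAL_HOURS = {
    "payroll": (time(8, 0), time(17, 0)),
    "orders": (time(0, 0), time(23, 59, 59)),  # used around the clock
}

def parse(log_text):
    """Yield (timestamp, user, resource, result); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]

def audit(log_text, usual_hours=USUAL_HOURS, max_denied=3):
    """Return (successful off-hours accesses, users with repeated denials)."""
    off_hours, denied = [], Counter()
    for ts, user, resource, result in parse(log_text):
        if result == "DENIED":
            denied[user] += 1
            continue
        # A resource with no known window has no baseline: report every access.
        window = usual_hours.get(resource)
        if window is None or not (window[0] <= ts.time() <= window[1]):
            off_hours.append((ts.isoformat(), user, resource))
    repeated = {u: n for u, n in denied.items() if n >= max_denied}
    return off_hours, repeated

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```
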
Backup: What Can Cause Data Loss?
• Incorrect software use
• Input data incorrectly
• Software may harm data
• Hard disk malfunctions
• Accidentally delete files
• Virus infection

Security and Disaster Recovery
• Physical security with locks and cables
• Uninterruptible power supply (UPS)
• Back up files regularly and systematically. (Where should I save my backups?)
  • Everything except hardware should be safely stored in geographically distant locations
• Can you suggest other security measures? For example: make a disaster recovery plan

Backup
Methods:
• Full backup
• Differential backup
• Incremental backup
Media:
• Diskette
• Tape
• Zip disk
• CD-R / CD-RW
• DVD-RAM
• Mirrored hard drive

Worms
• Transfers over a network
• Plants itself as a separate file on the target’s computer

Trojans
• What are Trojan horses?

Viruses
• Illicit instructions that pass themselves on to other programs
  • Benign
  • Damaging to computer
• Digital vandalism

Viruses: Vaccine or antivirus
• Stops the spread of and eradicates the virus
• Install software
• Download signature files regularly

Viruses
• Retrovirus
  • Fights the vaccine and may delete the antivirus software
• Costs
  • Billions of dollars a year
  • Aggravation to individual users

Challenges to Security on the internet
• The Internet was never designed with security in mind.
• Many companies fail to take adequate measures to protect their internal systems from attacks.
• Security precautions are expensive (firewalls, secure web servers, encryption mechanisms).
• Security is difficult to achieve.

Security and the internet
Two Major Developments During the Past Decade:
1. Widespread Computerization
2. Growing Networking and Internetworking
   • The Internet
• Need for Automated Tools for Protecting Files and Other Information.
• Network and Internetwork Security refer to measures needed to protect data during its transmission from one computer to another in a network or from one network to another in an internetwork.

Security and the internet
Network security is complex. Some reasons are:
• Requirements for security services are:
  • Confidentiality
  • Authentication
  • Integrity (ensure that writing or operations are allowed and correct)
• Key management is difficult. Creation, distribution, and protection of key information call for secure services, the same services that they are trying to provide.

Security and the internet
• In 1996 the Pentagon revealed that in the previous year it had suffered some two hundred fifty thousand attempted intrusions into its computers by hackers on the Internet.
• Nearly a hundred sixty of the break-ins were successful.