N. Ganesan, Ph.D.
Firewall
Overview of Firewalls
As the name implies, a firewall acts to provide secured access between two networks.
A firewall may be implemented as a standalone hardware device or in the form of software on a client computer.
The two types of firewall are generally known as the hardware firewall and the software firewall.
Firewalls in Practice
A computer may be protected by both a hardware and a software firewall.
Hardware Firewall
What is it?
What it does.
An example.
Firewall use.
What it protects you from.
(Cont.)
Mode of Operation
A firewall that stands between two networks inspects each packet that is ready to pass between the networks and allows or blocks the packet based on the rules set for the firewall to operate.
Types of Firewall
Packet Filter
Application Gateway
Anatomy of a Packet
Header
Contains IP source and destination addresses
Not visible to end users
Data
Contains the information that it is intending to send (e.g., body of an e-mail message)
Visible to the recipient
Packet-Filtering Rules
Drop all inbound connections; allow only outbound connections on Ports 80 (HTTP), 25 (SMTP), and 21 (FTP)
Eliminate packets bound for ports that should not be available to the Internet (e.g., NetBIOS)
Filter out ICMP redirect or echo (ping) messages (may indicate hackers are attempting to locate open ports or host IP addresses)
Drop packets that use the IP header source routing feature
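As an added example (not from the slides): a toy stateless packet filter in Python that applies the four rules above, in order, to constructed packet records. The NetBIOS port numbers, ICMP type numbers and IPv4 source-route option codes are standard values assumed here; they are not taken from the deck.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

NETBIOS_PORTS = {137, 138, 139}           # services that must not be reachable from the Internet
ALLOWED_OUTBOUND = {80, 25, 21}           # HTTP, SMTP, FTP
ICMP_REDIRECT, ICMP_ECHO_REQUEST = 5, 8   # ICMP type numbers
SOURCE_ROUTE_OPTIONS = {131, 137}         # IPv4 option codes for loose/strict source routing

@dataclass
class Packet:
    direction: str                        # "in" (from the Internet) or "out" (to the Internet)
    proto: str                            # "tcp", "udp" or "icmp"
    dst_port: int = 0
    syn: bool = False                     # TCP flags
    ack: bool = False
    icmp_type: int = -1
    ip_options: Set[int] = field(default_factory=set)

def filter_packet(p: Packet) -> Tuple[str, str]:
    """Apply the rules in order; return (verdict, matched rule)."""
    if p.ip_options & SOURCE_ROUTE_OPTIONS:
        return "drop", "source routing"
    if p.proto == "icmp" and p.icmp_type in (ICMP_REDIRECT, ICMP_ECHO_REQUEST):
        return "drop", "icmp redirect/echo"
    if p.direction == "in":
        if p.dst_port in NETBIOS_PORTS:
            return "drop", "netbios from internet"
        if p.proto != "tcp":
            return "drop", "inbound non-tcp"
        if p.syn and not p.ack:
            return "drop", "inbound connection attempt"
        # Stateless approximation: a TCP segment that is not SYN-only is treated as
        # a reply to a connection we opened; a stateful firewall would track this.
        return "allow", "inbound reply"
    if p.proto == "tcp" and p.dst_port in ALLOWED_OUTBOUND:
        return "allow", "outbound to permitted port"
    return "drop", "outbound port not permitted"

def audit(packets: List[Packet]) -> list:
    """Verdicts for a batch of packets, as a firewall log would record them."""
    return [(p.direction, p.proto, p.dst_port, *filter_packet(p)) for p in packets]
```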
Routing
How does a device know where to send a packet?
All devices need to know what IP addresses are on directly attached networks
If the destination is on a local network, send it directly there
Traditional Connectivity
What is VPN?
A Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.
Became popular as more employees worked in remote locations.
Terminologies to understand how VPNs work.
[Figure: Private Network (secured networks) vs Virtual Private Networks (the Internet is used as the backbone for VPNs)]
Encryption
Encryption is a method of scrambling data before transmitting it onto the Internet.
Public key encryption technique
Digital signature for authentication
Tunneling
A virtual point-to-point connection made through a public network. It transports encapsulated datagrams.
[Figure: the original datagram is carried as an encrypted inner datagram behind a new datagram header]
What is Cryptography
Cryptography
In a narrow sense
In a broader sense
Cryptanalysis
Cryptology = cryptography + cryptanalysis
Authentication
Data integrity
Availability
Access control
An entity cannot access any entity that it is not authorized to access.
Anonymity
The identity of an entity is protected from others.
Types of Cryptography
Asymmetric key cryptography
Symmetric key cryptography
[Figure: symmetric key cryptography: plaintext -> encryption (key) -> ciphertext -> decryption (same key) -> plaintext]
[Figure: asymmetric key cryptography: plaintext -> encryption (public key) -> ciphertext -> decryption (private key) -> plaintext]
DIGITAL SIGNATURE
13.1 COMPARISON
13.1.1 Inclusion
13.2 PROCESS
13.2 Continued
Note
A digital signature needs a public-key system. The signer signs with her private key; the verifier verifies with the signer's public key.
13.2.1 Continued
Note
A cryptosystem uses the private and public keys of the receiver; a digital signature uses the private and public keys of the sender.
Note
A digital signature provides message integrity.
13.3.3 Nonrepudiation
Figure 13.4 Using a trusted center for nonrepudiation
Note
Nonrepudiation can be provided using a trusted party.
13.3.4 Confidentiality
Figure 13.5 Adding confidentiality to a digital signature scheme
Note
A digital signature does not provide privacy.
If there is a need for privacy, another layer of
encryption/decryption must be applied.
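An added example (not from the slides or the textbook they quote) that walks through the three notes above with textbook RSA in Python: the signer uses her private key and the verifier the signer's public key, a modified message fails verification (integrity), and confidentiality is a separate layer keyed to the receiver. The primes are constructed toy values and the scheme is unpadded, so it illustrates the key roles only; real systems use proper key sizes, padding and a vetted library.

```python
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))        # private exponent (Python 3.8+)
    return (n, e), (n, d)

def digest(msg: bytes, n: int) -> int:
    # Sign the hash of the message, reduced into the modulus range.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg: bytes, signer_private) -> int:
    n, d = signer_private
    return pow(digest(msg, n), d, n)          # signer uses her PRIVATE key

def verify(msg: bytes, sig: int, signer_public) -> bool:
    n, e = signer_public
    return pow(sig, e, n) == digest(msg, n)   # anyone verifies with the signer's PUBLIC key

def encrypt_int(m: int, receiver_public) -> int:
    n, e = receiver_public
    return pow(m, e, n)                       # confidentiality layer: receiver's PUBLIC key

def decrypt_int(c: int, receiver_private) -> int:
    n, d = receiver_private
    return pow(c, d, n)                       # receiver's PRIVATE key

# Constructed toy primes (far too small for real use).
ALICE_PUB, ALICE_PRIV = make_keypair(104729, 1299709)      # signer
BOB_PUB, BOB_PRIV = make_keypair(2750159, 15485863)        # receiver, larger modulus

def demo() -> dict:
    msg = b"transfer 10 EUR to Bob"
    sig = sign(msg, ALICE_PRIV)
    # Integrity: a modified message no longer matches the signature.
    tampered_ok = verify(b"transfer 100 EUR to Bob", sig, ALICE_PUB)
    # A signature alone gives no privacy: msg travels in the clear.  To add
    # confidentiality, the signature (and in practice the message) is encrypted
    # for Bob with HIS public key, as a separate layer on top of signing.
    enc_sig = encrypt_int(sig, BOB_PUB)
    return {
        "verified": verify(msg, sig, ALICE_PUB),
        "tampered_verified": tampered_ok,
        "decrypted_matches": decrypt_int(enc_sig, BOB_PRIV) == sig,
    }
```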
What is E-commerce
Distributing, buying, selling and marketing products and services over electronic systems
E-business for commercial transactions
Involves supply chain management, e-marketing, online marketing, and EDI (Electronic Data Interchange)
Uses electronic technology such as:
- Internet
- Extranet/Intranet
- Protocols
Examples
B2C: www.amazon.com
C2C: www.eBay.com
B2B: www.tpn.com
C2B: www.priceline.com
[Figure: e-commerce architecture: client side -> Internet -> firewall -> server side (web server, application server) -> backend system (database) on the secure intranet]
E-payment System
E-payment is the subset of an e-commerce transaction that covers the electronic payment for goods or services bought or sold through the Internet.
[Figure: e-payment flow between the customer, the customer's bank, Visa (3rd party), the store and the store's bank: 1. Charge, 2. Credit Authorization, 4. Payment]
Credit Cards
A very common method of payment
Cards are issued by a bank
Unique 16-digit number (including check digits) and an expiration date
Third party authorization companies verify purchases
Intrusion
Definitions
Intrusion detection
The process of identifying and responding to intrusion activities
Intrusion prevention
Extension of intrusion detection that exercises access control to protect computers from exploitation
Components of IDS
network based
host based
anomaly detection
signature based misuse
Digital Signatures
Digital signatures provide the ability to:
verify author, date & time of signature
authenticate message contents
be verified by third parties to resolve disputes
Digital Signature Model
E-commerce scenarios
Retailing
Servicing
Publishing
Supply chain management
Discussion: How are they changing?
Data Backup
Data Backup
Data Archival
Data Disposal
Data Backup
To manage data properly we consider data backup, which is primarily used for the purpose of data security
Data backup is the storage of a data snapshot at a certain point in time
Some of the reasons for data loss are:
Continued.
Should you back up files in full, incrementally or differentially?
The backup software looks at which files have changed since you last did a full backup, then creates copies of all the files that are different from the ones in the full backup. To restore all the data, you will only need the last full backup and the last differential backup.
Continued..
The backup software creates copies of all the files, or parts of files, that have changed since the previous backup of any type (full, differential or incremental).
For example, if you did a full backup on Sunday, an incremental backup made on Monday would only contain files changed since Sunday, and an incremental backup on Tuesday would only contain files changed since Monday, an
This method is the fastest when creating a backup.
Restoring from incremental backups is the slowest. For example, if you had a full backup and six incremental backups, restoring the data would require you to process the full backup and all six incremental backups.
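An added example (not from the slides) that simulates the Sunday-to-Wednesday scenario above in Python for all three strategies: what each day's backup copies, which copies a restore must process, and a check that the restore chain reassembles every file. The daily change sets and file names are constructed sample data.

```python
from typing import Dict, List, Set

# Constructed change log: files modified on each day.  Sunday is always a
# full backup; the other days use the chosen strategy.
CHANGES: Dict[str, Set[str]] = {
    "Sun": set(),
    "Mon": {"a.txt"},
    "Tue": {"b.txt"},
    "Wed": {"a.txt", "c.txt"},
}
ALL_FILES = {"a.txt", "b.txt", "c.txt", "d.txt"}

def plan(strategy: str) -> Dict[str, Set[str]]:
    """Files each day's backup copies under 'full', 'differential' or 'incremental'."""
    days = list(CHANGES)
    copies = {days[0]: set(ALL_FILES)}
    changed_since_full: Set[str] = set()
    for day in days[1:]:
        changed_since_full |= CHANGES[day]
        if strategy == "full":
            copies[day] = set(ALL_FILES)
        elif strategy == "differential":
            copies[day] = set(changed_since_full)   # everything changed since Sunday
        elif strategy == "incremental":
            copies[day] = set(CHANGES[day])         # only since the previous backup
        else:
            raise ValueError(strategy)
    return copies

def restore_chain(strategy: str, upto: str) -> List[str]:
    """Backups that must be processed, in order, to restore the state as of `upto`."""
    days = list(CHANGES)
    idx = days.index(upto)
    if strategy == "full" or idx == 0:
        return [upto]
    if strategy == "differential":
        return [days[0], upto]            # last full + last differential
    return days[: idx + 1]                # full + every incremental since it

def files_copied(strategy: str) -> int:
    """Total number of file copies written over the week (backup cost)."""
    return sum(len(s) for s in plan(strategy).values())

def restore_covers_all(strategy: str, upto: str) -> bool:
    """Validation: does replaying the restore chain reassemble every file?"""
    copies = plan(strategy)
    restored: Set[str] = set()
    for day in restore_chain(strategy, upto):
        restored |= copies[day]
    return restored == ALL_FILES
```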
Continued
Where should you store your backups?
How should you validate your backup copies?
In which way should your backup be organized?
Data Archival
Data, which is the most valuable asset in an organization, may not all be in active use.
Some part may be kept for future reference but may not be actively used anymore.
Most organizations move the currently inactive part of the data to a separate storage location.
The separated older data is moved to a separate storage location so that it can be retained for a longer period of time.
Continued
The process of data archival requires moving a selected part of the data to a different storage medium to improve system performance.
Archived data is indexed so that finding it in the future becomes easy.
You can use archived data as historical evidence.
Data Disposal
The act of permanently deleting or destroying data stored on a medium.
Whenever legacy systems or devices are replaced, removal of the data stored in such systems is a must.
It is also federal policy and legislation that you should delete your data after some interval of time.
The National Institute of Standards and Technology describes three primary ways in which data can be deleted.
Continued.
Overwriting hard drives: according to the NIST recommendation, hard drives should be written over three times to erase previous records.
Degaussing hard drives and backup tapes: demagnetize your hard drives and magnetic tapes so as to permanently delete the data.
Destroying storage media: there are large shredding machines available which can grind up the media into metal scrap.