SECURITY ISSUES INTERNET WORLD WIDE WEB FOR THE AND THE

Size: px

Start display at page:

Download "SECURITY ISSUES INTERNET WORLD WIDE WEB FOR THE AND THE"

Damon Butler
8 years ago
Views:

1 SECURITY ISSUES FOR THE INTERNET AND THE WORLD WIDE WEB

2 - Internet connections: a back door into the enterpre. - Internet security incidents. - Viruses and how they spread. - The internet as a hacker s information Network. - Truths about security Most security breaches go undetected, Of the breaches detected, most go unreported, and While external threats are real, most security incidents originate from within the organization, not from outside. 2 2

- Truths about security Most security breaches go undetected, Of the breaches detected, most go

3 - What do thieves want? 97.0% 96.0% 95.0% 94.0% 93.0% 92.0% 91.0% 90.0% 89.0% Credit Card Fraud Telecommunication Fraud Personal Use of Computers Unauthorized Snooping in Files Cellular Phone Fraud Software Piracy 88.0% Corporate Computer Crimes 3 3

4 Cannibalization of exting channels 2.6 Consequences of low market penetration Demand creation from adverting Integration with exting business processes 3.9 Managing success and scalability 3.6 Security Transactional Integrity Not Very concerned concerned Concerns about E-commerce 4 4

1 Integration with exting business processes 3.

5 22% 13% 12% E-commerce sites 4% 7% 1% Informational sites Loss of information Theft data or trade secrets lost revenues Breaches at E-commerce Sites Versus Informational Web Sites 5 5

6 - Security a complex sue Everything Everything Everything Everything forbidden forbidden forbidden forbidden (even (even what what (except (except what what should should be be explicitly explicitly allowed) allowed) allowed) allowed) Everything Everything allowed allowed except except what what explicitly explicitly forbidden forbidden Everything Everything allowed allowed (especially (especially what what should should be be forbidden) forbidden) More Secure Less Secure P aranoid P rudent P ermsive P romcuous موسوس حذر متساهل متسيب Non intrusive Intrusive No Internet Connection No Security Security as a Continuum 6 6

explicitly forbidden forbidden Everything Everything allowed allowed (especially (especially what what should should be be forbidden) forbidden) More Secure

7 - Security concepts and technology Security Goal Confidentiality Assurance Control Integrity Security Technology Encryption, network address translation (which hides corporate systems behind a firewall), file permsions on host computer Authentication using passwords, one time passwords, Kerberos (for users and resources), digital signatures (for messages), IPv6 (Internetwide authentication) Firewalls that monitor in-coming and out-going traffic Antivirus software, Tripwire (software that monitors to see if key files have been changed) 7 7

one time passwords, Kerberos (for users and resources), digital signatures (for messages), IPv6 (Internetwide authentication) Firewalls

8 - Roadblocks to security 42% 46% 46% Unclear Responsibilities Lack of Management Support Lack of Management Awareness Budget Constraints Lack of User Awareness 56% 73% 0% 10% 20% 30% 40% 50% 60% 70% 80% 8 8

Management Awareness Budget Constraints Lack of

9 1. Internet Security Rks Motivations Corporate espionage - S/W piracy and intellectual property Information Warfare A Cover of Their Tracks Understanding the Criminal Element Kevin Mitnick The Cuckoo s Egg Software for Hackers Electronic Bank Robbery Hot Items for Theft Minimizing Internal Security Rks Types of Rks 9 9

the Criminal Element Kevin Mitnick The Cuckoo s Egg Software for Hackers

10 10 10 Physical Security The Danger of Computer Seizure Hacking the Phone System (تعریفه) Tapping Physical Links Network Based Rks Dangers of the Internet as a Transmsion Medium (محاآاة بخداع) IP Spoofing (اختطاف) Session Hijacking Viruses Consumer Scams ( (نصب (Clever and Dhonest) Denial of Service Attacks Password Theft Operating System and S/W Vulnerabilities FTP Rks Rks

بخداع) IP Spoofing (اختطاف) Session Hijacking Viruses Consumer Scams ( (نصب (Clever and

11 Encryption: A Key Technology The Science Of Cryptography Secret Key Cryptography Data Encryption Standard (DES) Public Key Cryptography RSA Data Security Methods Of Key Exchange. Attacks On Encryption Levels of Encryption Application Level Encryption Link Level Encryption Network Level Encryption How Packet Level Encryption Works TCP/IP Security: IPSEC

Encryption Standard (DES) Public Key Cryptography RSA Data Security Methods Of Key

12 Router Based Encryption Encryption in Firewalls VPNs Key Escrow Key Escrow Initiatives: who wants to hold the keys? Buying Encryption Products Drawbacks To Encryption Nations That Restrict Encryption 12 12

13 3. Digital Signatures and Authentication The First Line Of Defense: Reusable Passwords Biometric Authentication Network Level Authentication : Kerberos IPSEC s Authentication Header Digital Signatures And Public Key Encryption Time Stamping Messages The Legality of Digital Signatures 13 13

: Kerberos IPSEC s Authentication Header Digital Signatures And Public

14 4. Firewalls: Creating A Shield For Corporate Systems What Is a Firewall? Who Needs A Firewall? Types Of Firewalls Packet Filters Application Gateways Authentication and Firewalls Network Address Translation Evaluating Firewall Products 14 14

Types Of Firewalls Packet Filters Application Gateways

15 5. Security Scanners Intrusion Detection System Automated Security Scanners (إبليس / شيطان) SATAN Bell Core s PingWare 2.0 Internet Security Systems Inc. s Internet Security Scanner (ISS) Identifying And Dabling Viruses 15 15

Core s PingWare 2.0 Internet Security Systems Inc.

16 6. Transaction Security: Enabling Technology for Electronic Commerce Problems Raed By Electronic Commerce Secure Transaction Protocols Secure Payment Methods Transaction Security Standards: SET CyberCash s Secure Internet Payment Service Electronic Checks Digital Cash Token Based Digital Cash Notational Digital Cash EDI Over The Internet 16 16

Security Standards: SET CyberCash s Secure Internet Payment Service Electronic Checks

17 7. Security For The Web And Other Information Services Web Server Security Issues Security Issues For Web Users The Security Implications Of Java Netscape s Java Script Web Security Resources Security Rks of Providing Internet Information Services 17 17

Security Implications Of Java Netscape s Java Script Web

18 8. Developing Security Policies And Procedures Why Policy First? Security Goals Steps In Developing Policies Determine What Threats Ext Explore Methods to Address The Threats Examples of Security Policies 18 18

19 The End Thank You

Internet Security Specialist Compaq Computer

Internet Security Specialist Compaq Computer Proof of Concept Partners Projects Workshop Seminars Customer Briefings Compaq White Paper Performance White Papers ASE Symposium $40-80 billion potential