Network Security (the Internet Security)
Kittiphan Techakittiroj (19 Apr. 2566 BE)
Goals of Security
• Ensuring that only authorized individuals have access to information
• Preventing unauthorized creation, alteration, or destruction of data
• Ensuring that legitimate users are not denied access to information
• Ensuring that resources are used in a legitimate way
Classification of Security
• Communication security
– signal
• Computer security
– user permission
– file sharing access control
Classification of Security (secondary)
• Physical security: locks on doors, access badges, biometrics
• Personnel security: employee screening
• Administrative security: investigation of security breaches, policy
• Information/data security: controlling the reproduction of sensitive material
• Online security: controlling access to online data
Classification of Security Violation
• Cracking
• Spoofing
• Snooping
• Social Engineering
• Denial of Service
Cracking
• Often called “Hacking”
• Breaking through security by using knowledge of
– Software Engineering
– Computer Networks
– Operating Systems
– etc.
Cracker
• few real crackers (super crackers)
• other crackers use
– asking experts
– publicly available information (WWW)
• protected by
– security reports
– patches, updates and hot fixes
Spoofing
• Acting as someone else, e.g.
– fake e-mail: e.g. sending an e-mail while pretending to be someone else (theoretically it can be any name)
– fake IP: e.g. to gain access to a prohibited area
[Figure: VPN servers; source: http://www.data.com/roundups/images/vpn_servers_figure1.html]
Spoofing
• Starting point for other security violations
• False information
• protected by
– digital signature
– digital certification
Snooping
• Stealing information during transmission
• Hardware:
– Packet Sniffer
– usually needs access to the physical network
• Software:
– keystroke capture
Snooping cont.
• Other:
– Trashing (has happened to credit card numbers)
• protected by:
– encryption
– security access control
Social Engineering
• Conversation between user and cracker
• Serious and common
• protected by:
– policy
– knowledge of users
Denial of Service
• attacks the weaknesses of the network, e.g.
– spamming e-mail (mail bomb)
– spamming web requests
– WinNuke
• protected by:
– hot fixes & patches
– firewall
– logging system
Benefit of Security
• Confidentiality
• Authentication (including access control)
• Message Digest (including data integrity)
– protects against unknown modification, e.g. by a virus
– sampling keywords of the information and encrypting them
• Non-repudiation: digital signature & certification
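An added example (not from the original slides) of the message-digest idea on this slide: an unkeyed SHA-256 digest detects modification of the data, but whoever modified the data can simply recompute it, so integrity against a deliberate attacker needs a keyed digest (HMAC) or a digital signature. The message, the modification and the shared key below are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample message (not from the original slides).
MESSAGE = b"Transfer 100 USD to account 12345"


def digest(message: bytes) -> str:
    """Unkeyed message digest: detects accidental or unknown modification."""
    return hashlib.sha256(message).hexdigest()


def keyed_digest(key: bytes, message: bytes) -> str:
    """Keyed digest (HMAC-SHA256): only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(message: bytes, expected: str, key: Optional[bytes] = None) -> bool:
    """Recompute the digest over the received message and compare in constant time."""
    actual = keyed_digest(key, message) if key is not None else digest(message)
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    """Walk through the scenario: both digests catch a modification of the
    stored message, but only the keyed digest resists an attacker who can
    also replace the digest that travels with the data."""
    key = secrets.token_bytes(32)          # shared secret between sender and receiver
    tag_plain = digest(MESSAGE)
    tag_keyed = keyed_digest(key, MESSAGE)

    tampered = MESSAGE.replace(b"12345", b"99999")   # constructed modification
    return {
        # unchanged message passes both checks
        "original_ok": verify(MESSAGE, tag_plain) and verify(MESSAGE, tag_keyed, key),
        # modified message fails against the digests stored for the original
        "tamper_detected_plain": not verify(tampered, tag_plain),
        "tamper_detected_keyed": not verify(tampered, tag_keyed, key),
        # attacker recomputes the unkeyed digest over the tampered data: it passes
        "plain_digest_forgeable": verify(tampered, digest(tampered)),
        # attacker without the key cannot produce a valid keyed digest
        "keyed_digest_forgeable": verify(tampered, keyed_digest(b"guess", tampered), key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```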
Potential Security Risk
• Lack of safeguards
• poorly configured & administered systems
• basic security problems with communication protocols (IP, TCP, UDP)
• faulty service programs
• basic security problems with service programs (WWW, FTP)
General rules for Protection
• keep software current & updated
– fixes & patches & upgrades
• encrypt sensitive information
• train users & administrators
– password & security
– policy
• monitoring: 100% monitor --> 100% secure
Standard Technology on Security
• firewall: packet filtering & proxy
• Intrusion Detection Systems:
Detect the attack before it happens
• Network Address Translation:
Not designed for security, but provides a high level of security
• encryption
– VPN (virtual private network)
– digital signature & certification
Emerging Technology on Security
• encryption
– SET, S-HTTP, IPSec (IP Security Protocol), SSL or TLS (Transport Layer Security), CDSA (Common Data Security Architecture), XBSS (Baseline Security Services), XDAS (Distributed Audit Service), XSSO (Single Sign On)
Reference Books
Developing Secure Commerce Applications, by Online O’Reilly Web Development Courses (http://208.233.153.3/oreilly/security/westnet, 1999)