Lecture 07

This document discusses various methods of providing security over the internet, including requirements like privacy, authenticity, integrity, and availability. It describes different levels of security like network security, transaction security, and security over the web. It focuses on network security and discusses firewalls, Kerberos, biometrics, and steganography as methods for network security. It provides details on how firewalls work, the different types of firewalls, and how they establish barriers between secure and untrusted networks.

Uploaded by

Rehan Ullah

SECURITY
REQUIREMENTS OF SECURITY OVER THE INTERNET
- Privacy
  - The ability to control who sees (or cannot see) information and under what terms.
- Authenticity
  - The ability to know the identities of communicating parties.
- Integrity
  - The assurance that stored or transmitted information is unaltered.
- Availability
  - The ability to know when information and communication services will (or will not) be available.
- Blocking
  - The ability to block unwanted information or intrusions.
SECURITY AT DIFFERENT LEVELS / TYPES OF SECURITY
- Network security
  - Firewalls
  - Kerberos
  - Biometrics
  - Steganography
- Transaction security
  - Encryption
  - Digital signatures
  - Digital certificates
- Security over the web
  - SSL
  - SET
NETWORK SECURITY
- The goal of network security is to allow authorized users access to information and services while preventing unauthorized users from gaining access to, and possibly corrupting, the network.
- There is a trade-off between network security and network performance.
METHODS/MEANS FOR NETWORK SECURITY
- Firewalls
- Kerberos
- Biometrics
- Steganography
FIREWALL
- A firewall is defined as software or hardware that allows only those external users with specific characteristics to access a protected network (or site).
- A firewall allows insiders to have full access to services on the outside while granting access from outside on a selective basis, based on usernames and passwords, Internet IP addresses or domain names.
- A firewall is not simply hardware or software; it is an approach to implementing a security policy that defines the services and access to be permitted to various users.
HOW DOES A FIREWALL WORK?
- A firewall works by establishing a barrier between the corporate network (secure network) and the external Internet (untrusted network).
- This barrier shields vulnerable corporate networks from prying eyes in the public network.
- A firewall implements an access policy by forcing connections to pass through the firewall, where they can be examined and audited.
- A firewall controls traffic between internal and external networks by providing a single checkpoint for access control and auditing.
CONTINUED…
- As a result, unauthorized Internet hosts cannot directly access computers inside the network, but authorized internal users can still use Internet services outside of the network.
- A firewall system is usually located at a gateway point, such as the place where a site connects to the Internet, but it can also be located at internal gateways in order to provide protection for a smaller collection of hosts or subnets.
CATEGORIES OF FIREWALLS
- Static Firewalls
  Static firewalls can be one of two types:
  - Default Permit: This type allows all incoming traffic except that explicitly blocked by the firewall administrator.
  - Default Deny: This type blocks all incoming traffic except that explicitly allowed by the firewall administrator.
- Dynamic Firewalls
  - Dynamic firewalls manage the firewall policy in a dynamic fashion.
  - A dynamic firewall allows both denial and permission of any service for a given time period or permanently.
TYPES OF FIREWALLS
- Simple traffic logging systems
- IP packet screening routers
- Hardened firewall hosts
- Proxy application gateways
SIMPLE TRAFFIC LOGGING SYSTEMS
- Traffic logging systems are the predominant firewall method used in web servers.
- Such systems record all network traffic flowing through the firewall in a file or database for auditing purposes.
- On most web servers an HTTPD (Hyper Text Transfer Protocol Daemon) log, also called an audit log file, lists every access of files on a given Web site.
- It records the name of the file accessed, the domain name that the user came in on, the exact second of the access and the number of bytes transmitted.
BENEFITS OF ANALYZING THE AUDIT LOG
- What are the peak demand hours?
- What directories and pages are most frequently requested?
- How many times was the homepage requested?
- Does the website have any broken content links?
- What browsers are visitors using?
- How many requests for product information have been received this week?
- How does that compare to last week?
- What type of information is being requested by existing customers? By competitors?
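As an added example (not part of the lecture), the following Python answers several of the questions above from a constructed HTTPD audit log in Common Log Format; the log lines, hosts and paths are made up for the illustration.

```python
from collections import Counter
import re

# Constructed sample HTTPD audit log in Common Log Format (not from the lecture).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:09:15:02 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:09:15:04 +0000] "GET /products/index.html HTTP/1.1" 200 8810
198.51.100.7 - - [10/Oct/2023:09:47:11 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [10/Oct/2023:09:47:13 +0000] "GET /products/old.html HTTP/1.1" 404 512
192.0.2.44 - - [10/Oct/2023:14:02:40 +0000] "GET /products/index.html HTTP/1.1" 200 8810
192.0.2.44 - - [10/Oct/2023:14:02:41 +0000] "GET /images/logo.png HTTP/1.1" 200 2048
203.0.113.9 - - [10/Oct/2023:14:30:00 +0000] "GET /products/index.html HTTP/1.1" 200 8810
"""

# One CLF line: host, identd, user, [timestamp], "request", status, bytes.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hour>\d\d):\d\d:\d\d [^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

def parse_log(text):
    """Parse CLF lines; malformed lines are skipped rather than crashing the report."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["status"] = int(e["status"])
            e["bytes"] = 0 if e["bytes"] == "-" else int(e["bytes"])
            entries.append(e)
    return entries

def peak_hours(entries, top=1):
    """Peak demand hours: the hour-of-day buckets with the most requests."""
    return Counter(e["hour"] for e in entries).most_common(top)

def top_paths(entries, top=3):
    """Most frequently requested pages."""
    return Counter(e["path"] for e in entries).most_common(top)

def homepage_requests(entries):
    """How many times the homepage was requested."""
    return sum(1 for e in entries if e["path"] == "/")

def broken_links(entries):
    """Paths that drew a 404: broken content links, or requests for files that never existed."""
    return sorted({e["path"] for e in entries if e["status"] == 404})
```

Comparing this week's counts against last week's is the same code run over two log files; a sudden rise in 404s from one host is worth a closer look in the audit.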
IP PACKET SCREENING ROUTERS
- The screening router (also called a packet-filtering gateway) is the simplest firewall.
- The screening router operates by filtering information packets that pass through the firewall.
- The firewall router filters incoming packets and permits or denies IP packets based on several screening rules that are programmed into the router and applied automatically.
MOST FREQUENT SCREENING RULES
- Incoming packet protocol
  - Control filtering of network traffic based on protocol (TCP, UDP, ICMP).
- Destination application to which the packet is routed
  - Restrict access to certain applications; target TCP port 80 is usually reserved for the Web server application.
- Known source IP address
  - Block access to packets coming from certain IP addresses.
  - For instance, everything coming from a non-corporate site such as an .edu address could be screened and thrown away.
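The three screening rules above, together with the Default Permit / Default Deny distinction from the firewall categories, as an added Python model (not the lecture's own code). The rule set and addresses are constructed; note that a router screens on IP addresses, so a site named by domain (such as the .edu example) first has to be resolved to the address ranges the rule will match.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Packet:
    proto: str                # "tcp", "udp" or "icmp"
    src: str                  # source IP address
    dst_port: Optional[int]   # destination port; None for ICMP

@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    proto: Optional[str] = None      # None matches any protocol
    src_net: Optional[str] = None    # CIDR such as "198.51.100.0/24"; None matches any source
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        if self.src_net is not None:
            if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
                return False
        return True

class ScreeningRouter:
    """Static packet filter: the first matching rule decides; otherwise the default policy applies."""
    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default

# Constructed rule set for a site that exposes only its Web server (documentation address ranges).
RULES = [
    Rule("deny", src_net="198.51.100.0/24"),    # a known source range is dropped outright
    Rule("permit", proto="tcp", dst_port=80),   # TCP port 80 reaches the Web server
]
default_deny = ScreeningRouter(RULES, default="deny")      # everything else blocked
default_permit = ScreeningRouter(RULES, default="permit")  # everything else allowed
```

With the same two rules, the two routers differ only on traffic neither rule names: the default-deny router drops a telnet or UDP packet, the default-permit router lets it through.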
HARDENED FIREWALL HOST
- A hardened firewall host is a computer (with well-tested resources) that has been configured for increased security.
- A hardened firewall host requires inside or outside users to connect to the trusted applications on the firewall machine before connecting further.
- Generally, these firewalls are configured to protect against unauthenticated interactive log-ins from the external world.
- More than any other mechanism, the hardened firewall host helps prevent unauthorized users from logging onto machines on the network.
- A hardened firewall computer records who has logged on to a system as well as who has tried to log on but failed.
- Through logging and auditing, companies can tell the difference between a casual knock at the door and malicious hacking.
PROXY APPLICATION GATEWAY
- Firewalls can also be created through software called a proxy service.
- The host computer running the proxy service is referred to as an application gateway.
- Application gateways sit between the Internet and a company's internal network and provide middleman services, or proxy services, to users on either side.
- If a computer user on one company's network wants to talk to a user at another organization, the first user actually talks to the proxy application on the firewall; the proxy then talks to the remote computer.
- Similarly, outside hosts talk to internal computers through the proxy on the firewall.
- The firewall thus serves as a proxy for traffic in both directions and can support a number of Internet navigation software programs such as the World Wide Web.
- Consider a website that blocks all incoming HTTP connections using a packet-filtering router.
- The router allows HTTP packets to go to one host only: the web application gateway.
- A user who wishes to connect inbound to an internal website would have to connect first to the application gateway and then to the destination host, as follows:
  - The browser first "talks" to the Web server on the application gateway and provides the name of an internal host.
  - The gateway checks the user's source IP address and accepts or rejects it according to any access criteria in place.
  - The browser may need to authenticate itself (possibly using a password).
  - The proxy service creates an HTTP connection between the gateway and the internal host.
  - The proxy service then passes bytes between the two connections, and the application gateway audits the connection.
KERBEROS
- Firewalls do not protect you from internal security threats to your local area network.
- Internal attacks are common and can be extremely damaging.
- For example, disgruntled employees with network access can break into the organization's network or steal valuable, proprietary information.
- It is estimated that 70% to 90% of attacks on corporate networks are internal.
- Kerberos is a freely available open source protocol developed at MIT.
HOW DOES IT WORK?
- It employs symmetric key cryptography to authenticate users in a network and to maintain the integrity and privacy of network communications.
- Authentication in a Kerberos system is handled by a main Kerberos system and a secondary Ticket Granting Service (TGS).
- The main Kerberos system authenticates a client's identity to the TGS; the TGS then authenticates the client's rights to access specific network services.
BIOMETRICS
- Biometrics uses unique personal information such as fingerprints, eyeball iris and retina scans to identify a user.
- This eliminates the need for passwords, which are much easier to steal.
- Each user's iris scan, face scan or fingerprint is stored in a secure database.
- Each time a user logs in, their scan is compared to the database.
- www.iriscan.com & www.keytronic.com
STEGANOGRAPHY
- Steganography is the practice of hiding information within other information.
- The term literally means "covered writing".
- Steganography allows you to take a piece of information such as a message or image and hide it within another image, message or even an audio clip.
- Steganography takes advantage of insignificant space in digital files, in images or on removable disks.
- If you have a message that you want to keep secret, you can hide the information within another message so that no one but the intended receiver can read it.
- If you want to tell your stock broker to buy the stock, you can send him the message BURRIED UNDER YARD.
- E.g. digital watermarking.
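As an added example (not from the lecture), the BURRIED UNDER YARD message and the "insignificant space in digital files" idea worked through in Python: the first reads the hidden word off the first letters, the second hides bytes in the least significant bit of a constructed 256-byte buffer standing in for image samples, and a third function shows why the change is hard to notice.

```python
def acrostic(cover_text: str) -> str:
    """The lecture's trick: the hidden message is the first letter of each cover word."""
    return "".join(word[0] for word in cover_text.split())

def lsb_embed(cover: bytes, message: bytes) -> bytes:
    """Hide message bits in the least significant bit of each cover byte, 2-byte length prefix first."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]  # MSB first
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # clear the LSB, then set it to the message bit
    return bytes(out)

def lsb_extract(stego: bytes) -> bytes:
    """Recover the message: the first 16 LSBs give the length, the following LSBs the bytes."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        result = bytearray()
        for n in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start_bit + n * 8 + i] & 1)
            result.append(value)
        return bytes(result)
    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)

def max_byte_change(cover: bytes, stego: bytes) -> int:
    """Each sample moves by at most 1, so a visual comparison of cover and stego shows nothing."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed cover: 256 bytes standing in for 8-bit image samples (not a real image file).
COVER = bytes((i * 37) % 256 for i in range(256))
```

Because the cover and stego buffers differ only in the lowest bit, spotting the hidden data takes statistical tests on the LSB plane rather than inspection of the image, which is why detection tooling is needed alongside the policy.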
HAVE A NICE DAY!!!
