E-Commerce/Web Security

Size: px
Start display at page:

Download "E-Commerce/Web Security"

Transcription

1 E-Commerce/Web Security Prepared For: Software Engineering 4C03 Kartik Sivaramakrishnan McMaster University 2005 Prepared by James Allin

2 1.0 - Introduction E-Commerce Transaction Overview Security Measures Data Interception Data Encryption Conclusion... 5 References... 6

3 1.0 - Introduction As the internet rapidly transforms communication it is also transforming the way in which everyone performs day to day tasks from keeping in touch with friends to commerce. Making purchases with a credit card where security measures were easily handled in person by a responsible retailer are now done between two computers that are large distances apart. Preventing data interception is widely acknowledged to be impossible and yet secure data between parties is a necessity. This paper will examine E- commerce transaction security as it is today. An overview of the typical e-commerce transaction is given below and a discussion of inherent security issues regarding the transaction follows. Interception and privacy will be the focus E-Commerce Transaction Overview According to E-Commerce Digest (n.d.), there are three main communication procedures typically required in an e-commerce transaction: 1. The customer s credit card details must be delivered to the merchant or the payment gateway and are handled by the web servers SSL and merchant s digital certificates. 2. The credit card details must be then passed from the merchant to the bank for credit card processing. This process is handled by the banks payment gateway. 3. The customer order and details must be passed onto the merchant using SSL and digital certificates if it hasn t already been done in step 1. Each communication outlined must have the appropriate measures taken to ensure security. The security of the system is only as good as the weakest link and all parties involved must understand the risks involved with E-Commerce Security Measures To ensure security over the internet, there are two things that we must consider: data interception, and data decryption. Information can be intercepted on the internet in many different ways. When you transmit data over the web you are using a public network and as such, anyone can connect to that network and monitor data being transferred over it. There are however many safety precautions that you can take to help ensure and make it very difficult for your communications to be intercepted and decrypted. Of course, this can be compared to putting an alarm system on your house. No matter what you do to protect yourself, somebody will always find a new way to break in and you are never guaranteed to be safe Data Interception At the lowest level, malicious computer users who want to intercept your information can do so by intercepting the electronic signal through the air if wireless technology is being used or through the wire (E-Commerce Digest, n.d.) if traditional networking technologies are used. Placing a computer on the same network is the most common method since Ethernet devices already know how to interpret the electronic signals sent

4 across the network. Ethernet is programmed to ignore data packets not destined for the particular host that the device is installed on. There are many applications out there, especially for network professionals that allow you to sniff or intercept data packets on the network. These applications allow network professionals to monitor and maintain the network, however, there is nothing preventing a malicious computer user from using this technology negatively. An interception technique that goes a step further is called spoofing where a malicious user puts a device on the network that pretends to be the destination machine. It then intercepts all communications and then turns around and forwards the data on to the real host destination. In this fashion it is very difficult for the two hosts communicating to detect that they are being intercepted. Luckily, the internet relies on routers to direct data across multiple networks. Routers filter data packets depending on their destination as they are passed over the net which restricts a malicious user and requires them to be attached to the same network as the machine they are trying to break into. Interception is inevitable and a fact that we must acknowledge when securing our systems. This leads us to focus on the physical security and access to individual machines and the networks themselves. A number of techniques noted in the E- commerce digest (n.d.) that we can use to limit interception are to: 1. Setup each machine in the transaction, both on the client and server side, with the proper authority and user levels necessary to prevent unauthorized use and access to machines and programs. 2. Ensure proper virus protection software is installed to prevent against computer viruses from making machines vulnerable to security loop holes. 3. Ensure that a firewall has properly been setup to ensure remote users are unable to access and exploit services and system weaknesses. 4. Limit the use of wireless networking technology and ensure that access to server rooms and sensitive computers is restricted. 5.0 Data Encryption The second part of data security in e-commerce relates to securing the data content which is being transmitted. Data encryption comes in many forms and methods. It is used to mask the data being transmitted so that any malicious user who intercepts the data will be unable to interpret and use it. The backbone of data encryption in e-commerce today is SSL. SSL stands for secure socket layer and is a technology initially invented by Netscape (Arizona State University, n.d.) to encrypt data being used with web browsers. Version 2 and 3 of the SSL protocol are in use today and contain features for handling the basic security issues, including: Privacy Integrity Authentication Non-repudiation

5 Other less common, but similar protocols used in e-commerce are PCT(Private Communications Technology) introduced by Microsoft as their own implementation of SSL version 2, as well as TLS(Transport Layer Security), a protocol developed by the IETF (Kaufman, 2002) in an attempt to standardize the other protocols. SSL operates on the basic principle of cryptography where the client and server require a private key to encrypt and decrypt messages. However, the manner in which the protocol allows the two machines to privately tell each other which private key to use and how each machine verifies the others authenticity is unique due to the use of the public key infrastructure. Public key infrastructure explained in class, works based on mathematical principles of modulo arithmetic and allows any person to encrypt a message using the other parties public key; however, only the holder of the private key can then decrypt this message. It also works in the opposite fashion like a digital signature, allowing the private key holder to encrypt messages, that then anybody using the public key can decrypt (NCTU, n.d.). These properties of the public key infrastructure allow for private communication with authenticity. In SSL, each time a secure communication channel is opened between a client and a server, 3 keys are generated and used by each machine to authenticate each other. The process is highlighted in Figure 1 from Kauffman (2002). The client initially wishes to communicate with the server securely and sends message one. This message contains a list of cryptography algorithms that the system supports as well as a random number generated that will be used to encrypt future messages. The server then responds, with a selected cipher algorithm based on the list sent in message one, along with the server s certificate stating who he is and a random number. The client then uses this information to generate a message of random data which is encrypted and sent to the server. The server is then the only one able to decrypt this information, and then uses it to generate a master key which is communicated back to the client and used to encrypt the rest of the communication(nctu, n.d.). Figure 1 - (SSL Authentication) Conclusion It is apparent that E-commerce is not going anywhere. For both business s and E- retailers to protect themselves, it is necessary to educate themselves on the methods for preventing access to their physical systems and networks to prevent against interception of data. However, most importantly they should understand and implement SSL on their machines to encrypt and ensure privacy of personal and customer information during transactions.

6 References Arizona State University.(n.d.).SSL Web Encryption. Retrieved March 21, 2005 from E-Commerce Digest. (n.d.). Ecommerce Security Issues. Retrieved March 20, 2005 from Kaufman, C., Perlman, R. & Speciner, M. (2002). Private Communication in a Public World, 2nd Edition. New York: Prentice Hall National Chiao-Tung University (NCTU).(n.d.). SSL Protocol Overview. Retrieved March 21, 2005 from

e-commerce Study Guide Test 2. Security Chapter 10

e-commerce Study Guide Test 2. Security Chapter 10 e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the

More information

Computers and Security

Computers and Security The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright

More information

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the

More information

Wireless Network Security Fundamentals and Technologies

Wireless Network Security Fundamentals and Technologies Wireless Network Security Fundamentals and Technologies Rakesh V S 1, Ganesh D R 2, Rajesh Kumar S 3, Puspanathan G 4 1,2,3,4 Department of Computer Science and Engineering, Cambridge Institute of Technology

More information

Systems and Network Security (NETW-1002)

Systems and Network Security (NETW-1002) Systems and Network Security (NETW-1002) Dr. Mohamed Abdelwahab Saleh IET-Networks, GUC Spring 2017 Course Outline Basic concepts of security: Attacks, security properties, protection mechanisms. Basic

More information

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

key distribution requirements for public key algorithms asymmetric (or public) key algorithms topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems

More information

14. Internet Security (J. Kurose)

14. Internet Security (J. Kurose) 14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:

More information

Most Common Security Threats (cont.)

Most Common Security Threats (cont.) Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?

More information

CTS2134 Introduction to Networking. Module 08: Network Security

CTS2134 Introduction to Networking. Module 08: Network Security CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting

More information

Assistance with University Projects? Research Reports? Writing Skills? We ve got you covered! www.assignmentstudio.net WhatsApp: +61-424-295050 Toll Free: 1-800-794-425 Email: contact@assignmentstudio.net

More information

CPET 581 E-Commerce & Business Technologies. References

CPET 581 E-Commerce & Business Technologies. References CPET 581 E-Commerce & Business Technologies The E-Commerce Security Part 2 of 2 Paul I-Hai Lin, Professor http://www.etcs.ipfw.edu/~lin A Specialty Course for M.S. in Technology IT/Advanced Computer Applications

More information

Network Security and Cryptography. 2 September Marking Scheme

Network Security and Cryptography. 2 September Marking Scheme Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,

More information

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security and Cryptography. December Sample Exam Marking Scheme Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers

More information

Define information security Define security as process, not point product.

Define information security Define security as process, not point product. CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Introduction. Ahmet Burak Can Hacettepe University. Information Security

Introduction. Ahmet Burak Can Hacettepe University. Information Security Introduction Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Information Security 1 Books Textbook: Network Security: Private Communication in a Public World, 2nd Edition. C. Kaufman, R. Perlman,

More information

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA

More information

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Threat Modeling. Bart De Win Secure Application Development Course, Credits to Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,

More information

Internet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions.

Internet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions. Internet Quick Start Guide Get the most out of your Midco internet service with these handy instructions. 1 Contents Internet Security................................................................ 4

More information

Security: Focus of Control

Security: Focus of Control Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council Use of SSL/Early TLS for POS POI Terminal Connections Date: Author: PCI Security Standards Council Table of Contents Introduction...1 Executive Summary...1 What is the risk?...1 What is meant by Early

More information

6 Vulnerabilities of the Retail Payment Ecosystem

6 Vulnerabilities of the Retail Payment Ecosystem 6 Vulnerabilities of the Retail Payment Ecosystem FINANCIAL INSTITUTION PAYMENT GATEWAY DATABASES POINT OF SALE POINT OF INTERACTION SOFTWARE VENDOR Table of Contents 4 7 8 11 12 14 16 18 Intercepting

More information

Main area: Security Additional areas: Digital Access, Information Literacy, Privacy and Reputation

Main area: Security Additional areas: Digital Access, Information Literacy, Privacy and Reputation Public Wi Fi Created: March 2016 Last Updated: July 2018 Estimated time: Group or individual activity: Ages: 60 minutes [10 minutes] Activity #1 [15 minutes] Activity #2 [10 minutes] Activity #3 [10 minutes]

More information

Ref:

Ref: Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:

More information

The Tension. Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes

The Tension. Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes s10 Security 1 The Tension Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes Security vs. desire of individuals to act anonymously

More information

KALASALINGAM UNIVERSITY

KALASALINGAM UNIVERSITY KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE

More information

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the

More information

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system

More information

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security 1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of

More information

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

More information

BEST PRACTICES FOR PERSONAL Security

BEST PRACTICES FOR PERSONAL  Security BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple

More information

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology Question Bank Subject: Information Security (160702) Class: BE Sem. VI (CE/IT) Unit-1: Conventional

More information

Chapter 8 Web Security

Chapter 8 Web Security Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client

More information

Octopus Online Service Safety Guide

Octopus Online Service Safety Guide Octopus Online Service Safety Guide This Octopus Online Service Safety Guide is to provide you with security tips and reminders that you should be aware of when using online and mobile services provided

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message

More information

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007) WPA SECURITY (Wi-Fi Protected Access) Presentation By Douglas Cheathem (csc 650.01 Spring 2007) OUTLINE Introduction Security Risk Vulnerabilities Prevention Conclusion Live Demo Q & A INTRODUCTION! WPA

More information

WHITE PAPER. Secure communication. - Security functions of i-pro system s

WHITE PAPER. Secure communication. - Security functions of i-pro system s WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro

More information

Children s Health System. Remote User Policy

Children s Health System. Remote User Policy Children s Health System Remote User Policy July 28, 2008 Reason for this Policy This policy defines standards for connecting to the Children s Health System (CHS) network from any remote host. These standards

More information

E-commerce security: SSL/TLS, SET and others. 4.2

E-commerce security: SSL/TLS, SET and others. 4.2 E-commerce security: SSL/TLS, SET and others. 4.2 1 The need of authenticated payment SSL protects credit card details while they are transmitted through Internet but Why trust the Merchant? Once credit

More information

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice

More information

How Secured2 Uses Beyond Encryption Security to Protect Your Data

How Secured2 Uses Beyond Encryption Security to Protect Your Data Secured2 Beyond Encryption How Secured2 Uses Beyond Encryption Security to Protect Your Data Secured2 Beyond Encryption Whitepaper Document Date: 06.21.2017 Document Classification: Website Location: Document

More information

Introduction to SSL. Copyright 2005 by Sericon Technology Inc.

Introduction to SSL. Copyright 2005 by Sericon Technology Inc. Introduction to SSL The cornerstone of e-commerce is a Web site s ability to prevent eavesdropping on data transmitted to and from its site. Without this, consumers would justifiably be afraid to enter

More information

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010 Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction

More information

Wireless LAN Security (RM12/2002)

Wireless LAN Security (RM12/2002) Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For

More information

SRM ARTS AND SCIENCE COLLEGE SRM NAGAR, KATTANKULATHUR

SRM ARTS AND SCIENCE COLLEGE SRM NAGAR, KATTANKULATHUR SRM ARTS AND SCIENCE COLLEGE SRM NAGAR, KATTANKULATHUR 603203 DEPARTMENT OF COMPUTER SCIENCE & APPLICATIONS QUESTION BANK 2017-18 Course / Branch : M.Sc.(CST) Semester / Year : VIII / IV Subject Name :

More information

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard

More information

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any

More information

NGN: Carriers and Vendors Must Take Security Seriously

NGN: Carriers and Vendors Must Take Security Seriously Research Brief NGN: Carriers and Vendors Must Take Security Seriously Abstract: The next-generation network will need to provide security on many levels. A comprehensive set of standards should be in place

More information

Welcome to the new BC Bid!

Welcome to the new BC Bid! BC Bid has a new design, new features and services, but most importantly, a new way of doing business. Beginning in early 2003, suppliers will be able to submit bids and proposals electronically in response

More information

Secure Internet Commerce -- Design and Implementation of the Security Architecture of Security First Network Bank, FSB. Abstract

Secure Internet Commerce -- Design and Implementation of the Security Architecture of Security First Network Bank, FSB. Abstract Secure Internet Commerce -- Design and Implementation of the Security Architecture of Security First Network Bank, FSB. Nicolas Hammond NJH Security Consulting, Inc. 211 East Wesley Road Atlanta, GA 30305-3774

More information

2. INTRUDER DETECTION SYSTEMS

2. INTRUDER DETECTION SYSTEMS 1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding

More information

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution

More information

E-commerce security: SSL/TLS, SET and others. 4.1

E-commerce security: SSL/TLS, SET and others. 4.1 E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:

More information

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.

More information

A Review Paper on Network Security Attacks and Defences

A Review Paper on Network Security Attacks and Defences EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY

More information

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II Hello and welcome to today's lecture on secured communication.

More information

Certificate-based authentication for data security

Certificate-based authentication for data security Technical white paper Certificate-based authentication for data security Table of Contents Introduction... 2 Analogy: A simple checking account... 2 Verifying a digital certificate... 2 Summary... 8 Important

More information

Distributed Systems. Lecture 14: Security. 5 March,

Distributed Systems. Lecture 14: Security. 5 March, 06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

Simple and Powerful Security for PCI DSS

Simple and Powerful Security for PCI DSS Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them

More information

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a

More information

Application of Cryptographic Systems. Securing Networks. Chapter 3 Part 4 of 4 CA M S Mehta, FCA

Application of Cryptographic Systems. Securing Networks. Chapter 3 Part 4 of 4 CA M S Mehta, FCA Application of Cryptographic Systems Securing Networks Chapter 3 Part 4 of 4 CA M S Mehta, FCA 1 Application of Cryptographic Systems Learning Objectives Task Statements 1.3 Recognise function of Telecommunications

More information

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads Cryptography p y Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction

More information

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable? Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011

More information

Lecture III : Communication Security Mechanisms

Lecture III : Communication Security Mechanisms Lecture III : Communication Security Mechanisms Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 X.800 : Security

More information

Cryptography (Overview)

Cryptography (Overview) Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information

SECURING YOUR BUSINESS INFRASTRUCTURE Today s Security Challenges & What You Can Do About Them

SECURING YOUR BUSINESS INFRASTRUCTURE Today s Security Challenges & What You Can Do About Them BROTHER SECURITY WHITE PAPER NOVEMBER 2017 SECURING YOUR BUSINESS INFRASTRUCTURE Today s Security Challenges & What You Can Do About Them The last decade has seen many exciting advances in connectivity

More information

Service Managed Gateway TM. Configuring IPSec VPN

Service Managed Gateway TM. Configuring IPSec VPN Service Managed Gateway TM Configuring IPSec VPN Issue 1.2 Date 12 November 2010 1: Introduction 1 Introduction... 3 1.1 What is a VPN?... 3 1.2 The benefits of an Internet-based VPN... 3 1.3 Tunnelling

More information

SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS

SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS David Murotake, (SCA Technica, Inc. Nashua NH, USA; david.murotak@scatechnica.com) Antonio Martin (SCA Technica, Inc., Nashua NH, USA;

More information

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:

More information

Viability of Cryptography FINAL PROJECT

Viability of Cryptography FINAL PROJECT Viability of Cryptography FINAL PROJECT Name: Student Number: 0151677 Course Name: SFWR ENG 4C03 Date: April 5, 2005 Submitted To: Kartik Krishnan Overview: The simplest definition of cryptography is The

More information

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification

More information

Secure Network Design Document

Secure Network Design Document Secure Network Design Document May 3, 2007 Authored by: Steven Puzio TABLE OF CONTENTS I. Overview... 3 II. Company Information... 5 III. Wiring Closet Cabling and Design... 6 IV. Network Electronics Selection...

More information

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK REVIEW ON IMPLEMENTATION OF SECURITY MODEL FOR E-COMMERCE THROUGH AUTHENTICATION

More information

ISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo

ISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo ISC2 Exam Questions CISSP Certified Information Systems Security Professional (CISSP) Version:Demo 1. How can a forensic specialist exclude from examination a large percentage of operating system files

More information

RES Version 3.2 Service Pack 7 Hotfix 5 with Transaction Vault Electronic Payment Driver Version 4.3 PCI Data Security Standard Adherence

RES Version 3.2 Service Pack 7 Hotfix 5 with Transaction Vault Electronic Payment Driver Version 4.3 PCI Data Security Standard Adherence RES Version 3.2 Service Pack 7 Hotfix 5 with Transaction Vault Electronic Payment Driver Version 4.3 PCI Data Adherence General Information About This Document This document is intended as a quick reference

More information

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core PCI PA - DSS Point ipos Implementation Guide Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core Version 1.02 POINT TRANSACTION SYSTEMS AB Box 92031,

More information

Internet and Intranet Protocols and Applications

Internet and Intranet Protocols and Applications Internet and Intranet Protocols and Applications Lecture 10: Internet and Network Security April 9, 2003 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu What is network

More information

19.1. Security must consider external environment of the system, and protect it from:

19.1. Security must consider external environment of the system, and protect it from: Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT 19.1 The Security Problem Security must consider external

More information

Renovating our security management: New ways to protect your infrastructure

Renovating our security management: New ways to protect your infrastructure Renovating our security management: New ways to protect your infrastructure Suguru Yamaguchi Nara Institute of Science and Technology Japan Feb. 25th, 2004 APRICOT@KL, MY 1 Overview Discuss 2 topics about

More information

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology

More information

Chapter 8 Network Security

Chapter 8 Network Security Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and

More information

Cryptography and Network Security. Saint Leo University. COM 450- Network Defense and Security. Instructor: Dr. Omar.

Cryptography and Network Security. Saint Leo University. COM 450- Network Defense and Security. Instructor: Dr. Omar. Saint Leo University COM 450- Network Defense and Security Instructor: Dr. Omar Group members: Ivanna, Tracey, Romario, Chevon March 13, 2018 Abstract This paper will look at different aspects of Cryptography,

More information

E-Commerce Security Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al.

E-Commerce Security Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al. E-Commerce Security 2008 Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al. Learning Objectives 1. Explain EC-related crimes and why they cannot be stopped. 2. Describe an EC security

More information

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of

More information

Verteilte Systeme (Distributed Systems)

Verteilte Systeme (Distributed Systems) Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues

More information

CISCO IT DEPARTMENT DEPLOYS INNOVATIVE CISCO APPLICATION- ORIENTED NETWORKING SOLUTION

CISCO IT DEPARTMENT DEPLOYS INNOVATIVE CISCO APPLICATION- ORIENTED NETWORKING SOLUTION CUSTOMER TESTIMONIAL CISCO IT DEPARTMENT DEPLOYS INNOVATIVE CISCO APPLICATION- ORIENTED NETWORKING SOLUTION EXECUTIVE SUMMARY Visionary Technology Provides New Model for Application Infrastructure Services

More information

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two

More information

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Distributed Systems. Lecture 14: Security. Distributed Systems 1 06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 9 1 Announcements Assignment 1 Graded (out of 100) Max: 95 Min: 50 Mean: 77.33

More information

PCI PA - DSS. Point Vx Implementation Guide. Version For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC)

PCI PA - DSS. Point Vx Implementation Guide. Version For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC) PCI PA - DSS Point Vx Implementation Guide For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC) Version 2.02 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm,

More information

PCI DSS Compliance. White Paper Parallels Remote Application Server

PCI DSS Compliance. White Paper Parallels Remote Application Server PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3

More information

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm

More information

Textbook: Ahmet Burak Can Hacettepe University. Supplementary books:

Textbook: Ahmet Burak Can Hacettepe University. Supplementary books: Basic Ciphers Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Books Textbook: Network Security: Private Communication in a Public World, 2nd Edition. C. Kaufman, R. Perlman, and M. Speciner,

More information

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier Presented by Joshua Schiffman & Archana Viswanath Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier Trust Models Rooted Trust Model! In a

More information

Introduction to Cryptography in Blockchain Technology. December 23, 2018

Introduction to Cryptography in Blockchain Technology. December 23, 2018 Introduction to Cryptography in Blockchain Technology December 23, 2018 What is cryptography? The practice of developing protocols that prevent third parties from viewing private data. Modern cryptography

More information

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously

More information

Ruijie Anti-ARP Spoofing

Ruijie Anti-ARP Spoofing White Paper Contents Introduction... 3 Technical Principle... 4 ARP...4 ARP Spoofing...5 Anti-ARP Spoofing Solutions... 7 Non-Network Device Solutions...7 Solutions...8 Application Cases of Anti-ARP Spoofing...11

More information

10EC832: NETWORK SECURITY

10EC832: NETWORK SECURITY 10EC832: NETWORK SECURITY Objective: In this electronic age, security and privacy are two of the issues whose importance cannot be stressed enough. How do we ensure the systems we use are resistant to

More information