WEB SECURITY
HIMANSHU TYAGI
VIJETA GANDHI
JASPREET SINGH
REQUIREMENT FOR SECURE E-COMMERCE
- Intellectual property threats
- Client computer threats
- Communication channel threats
- Server threats
SECURITY TRIADS
- Confidentiality
- Integrity
- Availability
Confidentiality
Ensures that data or an information system is accessed only by authorized persons. User IDs and passwords, access control lists (ACLs) and policy-based security are some of the methods through which confidentiality is achieved.
Integrity
Integrity assures that the data or information system can be trusted. It ensures that data is edited only by authorized persons and remains in its original state when at rest. Data encryption and hashing algorithms are key processes in providing integrity.
Availability
Data and information systems are available when required. Hardware maintenance, software patching/upgrading and network optimization ensure availability.
NETWORK SECURITY
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals.
FIREWALLS
A firewall is a hardware or software system that prevents unauthorized access to or from a network. Firewalls can be implemented in hardware, in software, or in a combination of both. They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All data entering or leaving the intranet passes through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.
Types of firewall:
- Network layer or packet filters
- Application-layer
- Proxies
- Network address translation
Network layer or packet filters
Network layer firewalls generally make their decisions based on the source address, destination address and ports in individual IP packets. A simple router is the traditional network layer firewall, since it is not able to make particularly complicated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them at any time.
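The contrast the slide draws between a simple router and a modern stateful filter, as an added example that is not part of the original presentation: a stateless filter judges every packet by address and port alone, so it cannot tell a reply to an inside-initiated web connection from an unsolicited probe on the same port, while the stateful variant records connections opened from the inside and admits only their replies. The addresses, ports and rule set are constructed sample values.

```python
"""Stateless vs stateful packet filtering (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    direction: str  # "out" = LAN -> Internet, "in" = Internet -> LAN


# Constructed rule set: outbound web traffic only; inbound only to the mail port.
ALLOW_OUT = {80, 443}
ALLOW_IN = {25}


def stateless_filter(pkt: Packet) -> bool:
    """Judge each packet on its own header fields, as a simple router does.

    Note the consequence: a reply from a web server to a client's ephemeral
    port is dropped, because nothing ties it to the outbound request."""
    if pkt.direction == "out":
        return pkt.dport in ALLOW_OUT
    return pkt.dport in ALLOW_IN


class StatefulFilter:
    """Track connections opened from the inside and admit only their replies
    (plus anything an explicit inbound rule allows)."""

    def __init__(self) -> None:
        # Entries: (inside_ip, inside_port, outside_ip, outside_port)
        self.established: set[tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if pkt.dport not in ALLOW_OUT:
                return False
            self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: accept only replies to a tracked connection or rule-allowed ports.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.established:
            return True
        return pkt.dport in ALLOW_IN
```

Run with an outbound HTTPS request, its reply, and an inbound packet that copies the reply's ports but comes from a different host: the stateless filter rejects the genuine reply, while the stateful filter accepts it and still drops the look-alike.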
Application-layer
Application layer firewalls, by definition, are hosts running proxy servers, which permit no traffic directly between networks and perform elaborate logging and examination of the traffic passing through them. Since proxy applications are simply software running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other after having passed through an application that effectively masks the origin of the initiating connection, Chris Partsenidis says.
Proxies
Proxy firewalls offer more security than other types of firewalls, but at the expense of speed and functionality, as they can limit which applications your network can support. In a proxy firewall, traffic does not flow straight through the proxy. Instead, computers establish a connection to the proxy, which serves as an intermediary and initiates a new network connection on behalf of the request. This prevents direct connections between systems on either side of the firewall and makes it harder for an attacker to discover where the network is, because they will never receive packets created directly by their target system.
Network address translation
Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range". Firewalls often have such functionality to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals, as well as to reduce both the number and therefore the cost of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance.
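The address-hiding behaviour described above, as an added example that is not part of the original presentation: a source-NAT table on the firewall rewrites each outbound connection to the firewall's single public address and an allocated port, maps replies back by that port, and drops inbound packets that match no table entry, which is why outside hosts never learn the private addresses. The public and private addresses are constructed sample values from the RFC 1918 and documentation ranges.

```python
"""Source NAT on a firewall (added example, constructed addresses)."""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class SourceNAT:
    """Translate private-range sources to one public address, keyed by port."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # public port -> (private ip, private port, remote ip, remote port)
        self.table: dict[int, tuple[str, int, str, int]] = {}
        # the same flow key -> public port, so one flow keeps one mapping
        self.reverse: dict[tuple[str, int, str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source so the remote host only ever sees the public IP."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self.reverse.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return replace(pkt, src=self.public_ip, sport=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the private host, or return None to drop it."""
        entry = self.table.get(pkt.dport)
        if entry is None or pkt.dst != self.public_ip:
            return None  # no mapping: unsolicited packet, dropped
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None  # mapped port, but not the peer this flow contacted
        return replace(pkt, dst=priv_ip, dport=priv_port)
```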
Problems of CIA Triad
Although the CIA triad is a fundamental model for information security, it also focuses on a limited view of IT security that is centered on information. While the priority is to protect the information and ensure that data resources are available, the CIA model does not address preventing an unauthorized person from using the system's hardware resources.
Another issue is that information security professionals may concentrate on the "confidentiality" part of the triad, essentially ignoring the other components of a balanced security approach. For instance, when the "accessibility" component of the triad is neglected, this could mean severe disruptions to communications, costing millions and significantly impacting an industry. Thus, it is necessary for security professionals to contribute skills and knowledge during the purchasing and selection process for an organization's communications network.
Conclusion
This presentation gives a glimpse of the security concerns for E-Commerce and the requirements for a secure E-Commerce environment. It covers the security triad, i.e. C.I.A (Confidentiality, Integrity, Availability). It also explains firewalls and their various types. Network security issues and the problems faced in network triads are also discussed.