Introduction to cyber security 2.ppt.pdf

AarifS1 1 views 55 slides Nov 01, 2025

About This Presentation

Cyber security


Slide Content

Module 4
System and Application Security

Chapter 2 - System Security

System Security
•We discuss
–Desktop Security
–Email security: PGP and S/MIME
–Database Security
–Web Security: web authentication, SSL and SET

Email Security
(Pretty Good Privacy (PGP), S/MIME)

•Email is one of the most heavily used
network-based applications.
•There are two widely used schemes for
providing authentication and confidentiality
for email security, PGP and S/MIME.

SMTP

•Internet email was originally based on the
SMTP protocol (Simple Mail Transfer Protocol)
•SMTP transfers a message consisting of header
lines and a body (all ASCII) using a packet relay
network.
•SMTP does not have any security services. The
messages can easily be read or modified. Also,
the sender's address or routing information is
easy to change.

MIME

•"Multipurpose Internet Mail Extensions" is an
extension to solve many limitations of using
text-based messages and SMTP.
•MIME does not have security services either.
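
The SMTP and MIME slides above say the sender's address is easy to change and that neither protocol adds security services. The following is an added example, not part of the original slides: it checks a constructed message for the two things a recipient can observe, assuming the receiving server recorded the envelope sender in the Return-Path header. The function names and the sample message are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: header lines, a blank line, then the body.
RAW = """\
Return-Path: <bulk@mailer.example.net>
From: "Bank Support" <support@bank.example.com>
To: user@example.org
Subject: Account notice

Please review your account.
"""

SIGNATURE_PROTOCOLS = {"application/pgp-signature", "application/pkcs7-signature"}

def domain(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def has_signature_structure(msg):
    """True if the MIME structure claims a PGP/MIME or S/MIME signature.

    Presence only: verifying the signature needs a PGP or S/MIME
    implementation and the signer's public key or certificate.
    """
    ctype = msg.get_content_type()
    if ctype == "application/pkcs7-mime":
        # pkcs7-mime is also used for encryption-only messages
        return str(msg.get_param("smime-type") or "").lower() == "signed-data"
    protocol = str(msg.get_param("protocol") or "").lower()
    return ctype == "multipart/signed" and protocol in SIGNATURE_PROTOCOLS

def sender_findings(raw):
    """List reasons the visible sender of a raw message should not be trusted."""
    msg = message_from_string(raw)
    findings = []
    header_dom, envelope_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if not header_dom:
        findings.append("From header missing or unparseable")
    elif envelope_dom and envelope_dom != header_dom:
        findings.append(f"From domain {header_dom} differs from envelope domain {envelope_dom}")
    if not has_signature_structure(msg):
        findings.append("no PGP/MIME or S/MIME signature structure")
    return findings

if __name__ == "__main__":
    for finding in sender_findings(RAW):
        print(finding)
```

A domain mismatch is only a heuristic, since legitimate mailing services also send with a different envelope domain; the missing signature is the point the slides make, because plain SMTP and MIME bind the sender to nothing.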

Database Security

•Definition - What does Database
Security mean?
–Database security refers to the collective
measures used to protect and secure a database
or database management software from
illegitimate use and malicious threats and attacks.
–It is a broad term that includes a multitude of
processes, tools and methodologies that ensure
security within a database environment.

Techopedia explains Database
Security

•Database security covers and enforces security on all aspects
and components of databases. This includes:
•Data stored in the database, database server
•Database management system (DBMS)
•Other database workflow applications
•Database security is generally planned, implemented and
maintained by a database administrator and/or other
information security professional.

•Some of the ways database security is analyzed and
implemented include:

1. Restricting unauthorized access and use by implementing
strong and multifactor access and data management controls

2. Load/stress testing and capacity testing of a database to
ensure it does not crash in a distributed denial of service
(DDoS) attack or user overload

3. Physical security of the database server and backup
equipment from theft and natural disasters

4. Reviewing existing system for any known or unknown
vulnerabilities and defining and implementing a road
map/plan to mitigate them

Web Security
•Web application security is a branch
of Information Security that deals specifically
with the security of websites, web
applications and web services.

Security Threats
•With the emergence of Web 2.0, increased
information sharing through social
networking and increasing business adoption
of the Web as a means of doing business and
delivering service, websites are often attacked
directly.
•Hackers either seek to compromise the
corporate network or the end-users accessing
the website by subjecting them to drive-by
downloading.

•As a result, industry is paying increased attention to the
security of the web applications themselves in addition
to the security of the underlying computer
network and operating systems.
•The majority of web application attacks occur
through cross-site scripting (XSS) and SQL
injection attacks which typically result from flawed
coding, and failure to sanitize input to and output from
the web application.
•Phishing is another common threat to the Web
application and global losses from this type of attack in
2012 were estimated at $1.5 billion.

Web Security

Secure Electronic Transaction (SET)
•Developed by Visa and MasterCard
•Designed to protect credit card transactions
•Confidentiality: all messages encrypted
•Trust: all parties must have digital certificates
•Privacy: information made available only when and where necessary
•Confidentiality of payment and order information
–Encryption
•Integrity of all data (digital signatures)
•Authentication of cardholder & account (certificates)
•Authentication of merchant (certificates)
•No reliance on secure transport protocols (uses TCP/IP)
•Interoperability between SET software and network
–Standardized message formats
•SET is a payment protocol
–Messages relate to various steps in a credit card transaction

SSL (Secure Sockets Layer)
•NOT a payment protocol - can be used for any secure
communications, like credit card numbers
•SSL is a secure data exchange protocol providing
–Privacy between two Internet applications
–Authentication of server (authentication of browser optional)
•Uses enveloping: RSA used to exchange DES keys
•SSL Handshake Protocol
–Negotiates symmetric encryption protocol, authenticates
•SSL Record Protocol
–Packs/unpacks records, performs encryption/decryption
•Does not provide non-repudiation
•Layered on top of TCP/IP but below the application layer.
(Requires reliable transport to operate.)
•SSL is increasing in importance for Internet security

Thank You