Web Security - Network Security - Lecture Slides, Slides of Cryptography and System Security

During the studies, there is a network security program offered in our university; this course is very helpful. The main points discussed in these lecture slides are: Web Security, Protect E-Mail Systems, World Wide Web Vulnerabilities, Web Communications, Instant Messaging, Target of Attackers, Transmission Control, Internet Protocol, Simple Mail Transfer, Sendmail Queue

Typology: Slides

2012/2013

Uploaded on 04/24/2013

ballari

Chapter 6: Web Security

Objectives

  • Protect e-mail systems
  • List World Wide Web vulnerabilities
  • Secure Web communications
  • Secure instant messaging

How E-Mail Works

  • E-mail uses two Transmission Control Protocol/Internet Protocol (TCP/IP) protocols to send and receive messages
    • Simple Mail Transfer Protocol (SMTP) handles outgoing mail
    • Post Office Protocol (POP3 for the current version) handles incoming mail
  • The SMTP server on most machines uses sendmail to do the actual sending; outgoing messages wait in a queue called the sendmail queue

How E-Mail Works (continued)

  • E-mail attachments are documents in binary format (word processing documents, spreadsheets, sound files, pictures)
  • Non-text documents must be converted into text format before being transmitted
  • Three bytes from the binary file are extracted and converted to four text characters

E-Mail Vulnerabilities

  • Several e-mail vulnerabilities can be exploited by attackers:
    • Malware
    • Spam
    • Hoaxes

Malware (continued)

  • A worm can enter a user’s computer through an e-mail attachment and send itself to all users listed in the address book or attach itself as a reply to all unread e-mail messages
  • E-mail clients can be particularly susceptible to macro viruses
    • A macro is a script that records the steps a user performs
    • A macro virus uses macros to carry out malicious functions

Malware (continued)

  • Users must be educated about how malware can enter a system through e-mail, and proper policies must be enacted to reduce the risk of infection
    • E-mail users should never open attachments with these file extensions: .bat, .ade, .usf, .exe, .pif
  • Antivirus software and firewall products must be installed and properly configured to prevent malicious code from entering the network through e-mail
  • Procedures including turning off ports and eliminating open mail relay servers must be developed and enforced

Spam (continued)

  • According to a Pew Memorial Trust survey, almost half of the approximately 30 billion daily e-mail messages are spam
  • Spam is having a negative impact on e-mail users:
    • 25% of users say the ever-increasing volume of spam has reduced their overall use of e-mail
    • 52% of users indicate spam has made them less trusting of e-mail in general
    • 70% of users say spam has made being online unpleasant or annoying

Spam (continued)

  • Filter e-mails at the edge of the network to prevent spam from entering the SMTP server
  • Use a blacklist of spammers to block any e-mail that originates from their e-mail addresses
  • Sophisticated e-mail filters can use Bayesian filtering
    • User divides e-mail messages received into two piles, spam and not-spam
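
Bayesian filtering over the two piles described above, as an added example that is not part of the original slides. It goes one step beyond the slide by scoring a new message from how often each of its words appears in each pile (naive Bayes over word presence). The sample messages, function names and the 0.9 threshold are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample messages: the two piles a user has sorted by hand.
SPAM_PILE = [
    "Win a free prize now, click here",
    "Cheap pills, free shipping, order now",
    "You have won money, claim your free prize",
]
HAM_PILE = [
    "Meeting moved to Monday, agenda attached",
    "Please review the firewall change request",
    "Lunch on Friday? The project report is done",
]

def tokenize(text):
    """Lower-case the message and split it into word tokens."""
    return re.findall(r"[a-z0-9']+", text.lower())

def train(pile):
    """Count how many messages in a pile contain each word."""
    counts = Counter()
    for message in pile:
        counts.update(set(tokenize(message)))
    return counts, len(pile)

def spam_probability(message, spam_model, ham_model):
    """Return P(spam | words) using naive Bayes with Laplace smoothing."""
    (spam_counts, n_spam), (ham_counts, n_ham) = spam_model, ham_model
    # Start from the prior: the share of each pile in the training data.
    log_spam = math.log(n_spam / (n_spam + n_ham))
    log_ham = math.log(n_ham / (n_spam + n_ham))
    for word in set(tokenize(message)):
        # +1 / +2 smoothing keeps an unseen word from zeroing the product.
        log_spam += math.log((spam_counts[word] + 1) / (n_spam + 2))
        log_ham += math.log((ham_counts[word] + 1) / (n_ham + 2))
    # Convert the two log scores back into a probability in [0, 1].
    return 1 / (1 + math.exp(log_ham - log_spam))

SPAM_MODEL, HAM_MODEL = train(SPAM_PILE), train(HAM_PILE)

def is_spam(message, threshold=0.9):
    """Flag a message when its spam probability reaches the threshold."""
    return spam_probability(message, SPAM_MODEL, HAM_MODEL) >= threshold

if __name__ == "__main__":
    for msg in ("Claim your free prize now", "Agenda for the Monday meeting"):
        print(f"{spam_probability(msg, SPAM_MODEL, HAM_MODEL):.3f}  {msg}")
```

A message made only of words seen in neither pile scores 0.5, so the threshold decides how much evidence is needed before mail is blocked.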

Hoaxes (continued)

  • Any e-mail message that appears as though it could not be true probably is not
  • E-mail phishing is also a growing practice
  • A message that falsely identifies the sender as someone else is sent to unsuspecting recipients

E-Mail Encryption

  • Two technologies are used to protect e-mail messages as they are being transported:
    • Secure/Multipurpose Internet Mail Extensions (S/MIME)
    • Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP)

  • Functions much like S/MIME by encrypting messages using digital signatures
  • A user can sign an e-mail message without encrypting it, verifying the sender but not preventing anyone from seeing the contents
  • First compresses the message
    • Reduces patterns and enhances resistance to cryptanalysis
  • Creates a session key (a one-time-only secret key)
    • This key is a number generated from random movements of the mouse and keystrokes typed

Pretty Good Privacy (PGP) (continued)

  • Uses a passphrase to encrypt the private key on the local computer
  • Passphrase:
    • A longer and more secure version of a password
    • Typically composed of multiple words
    • More secure against dictionary attacks