Date posted: 30-Dec-2015
Copyright © 2004 Pearson Education, Inc. Slide 5-1
Securing Channels of Communication

Secure Sockets Layer (SSL): Most common form of securing channels of communication; used to establish a secure negotiated session (a client-server session in which the URL of the requested document, along with its contents, is encrypted)
S-HTTP: Alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
Virtual Private Networks (VPNs): Allow remote users to securely access internal networks via the Internet, using Point-to-Point Tunneling Protocol (PPTP)
Secure Negotiated Sessions Using SSL (Figure 5.10, Page 282)
Protecting Networks: Firewalls and Proxy Servers

Firewall: Software application that acts as a filter between a company's private network and the Internet
Firewall methods include: packet filters; application gateways
Proxy servers: Software servers that handle all communications originating from or being sent to the Internet (act as "spokesperson" or "bodyguard" for the organization)
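The two firewall methods the slide names can be contrasted in code. What follows is an added example, not from the textbook or the slides: a toy stateless packet filter that decides on layer-3/4 header fields only (first matching rule wins, default deny), beside an application-gateway check that can see the HTTP request line itself, which a packet filter never inspects. The rule format, field names, addresses and sample traffic are all constructed here.

```python
"""Toy stateless packet filter and application-gateway check.

Added example, not from the textbook slides: models the two firewall methods
the slide names. A packet filter decides on layer-3/4 header fields only;
an application gateway (proxy) additionally inspects application-layer content.
Rule format, field names and the sample traffic are all constructed here.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str        # source IPv4 address
    dst: str        # destination IPv4 address
    proto: str      # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (
            ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dst_port is None or self.dst_port == pkt.dst_port)
        )


# Constructed rule set for a private network 10.0.0.0/8 with a public
# web server at 10.0.5.20. Evaluated top-down, first match wins; anything
# not matched falls through to the implicit default deny.
RULES: List[Rule] = [
    # Internal hosts may open connections outbound to anywhere.
    Rule("allow", src="10.0.0.0/8"),
    # The Internet may reach only the public web server, and only on HTTPS.
    Rule("allow", dst="10.0.5.20/32", proto="tcp", dst_port=443),
    # Explicit deny for a management protocol, kept so it is visible in the rule set.
    Rule("deny", dst="10.0.0.0/8", proto="tcp", dst_port=3389),
]


def packet_filter(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Return 'allow' or 'deny' using header fields only (first match wins)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default deny: whatever is not explicitly permitted is blocked


# An application gateway sees the request itself, which a packet filter cannot.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}


def application_gateway(request_line: str) -> str:
    """Return 'allow' or 'deny' for an HTTP request line like 'GET /index.html HTTP/1.1'."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "deny"  # malformed request line is refused at the proxy
    method, path, _version = parts
    if method not in ALLOWED_METHODS:
        return "deny"  # methods outside the allowlist never reach the server
    if ".." in path:
        return "deny"  # crude path-traversal check on the application layer
    return "allow"


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", "10.0.5.20", "tcp", 443),   # Internet -> web server, HTTPS
        Packet("203.0.113.7", "10.0.5.20", "tcp", 22),    # Internet -> web server, SSH
        Packet("203.0.113.7", "10.0.9.9", "tcp", 3389),   # Internet -> internal host, RDP
        Packet("10.0.3.4", "198.51.100.10", "tcp", 80),   # internal -> Internet
    ]
    for p in samples:
        print(f"{p.src:>14} -> {p.dst}:{p.dst_port}/{p.proto}  {packet_filter(p)}")
    for line in ("GET /index.html HTTP/1.1", "TRACE / HTTP/1.1", "GET /../etc/passwd HTTP/1.1"):
        print(f"{line!r:35} {application_gateway(line)}")
```

The SSH packet to the web server is denied not by an explicit rule but by falling off the end of the rule list, which is the default-deny posture the slide's "filter" metaphor implies; the TRACE request is denied only because the gateway reads the request line, something no packet filter can do.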
Firewalls and Proxy Servers (Figure 5.11, Page 284)
A Security Plan: Management Policies

Steps in developing a security plan:
Perform risk assessment: assessment of risks and points of vulnerability
Develop security policy: set of statements prioritizing information risks, identifying acceptable risk targets and identifying mechanisms for achieving those targets
Develop implementation plan: action steps needed to achieve security plan goals
Create security organization: in charge of security; educates and trains users, keeps management aware of security issues; administers access controls, authentication procedures and authorization policies
Perform security audit: review of security practices and procedures
Developing an E-commerce Security Plan (Figure 5.12, Page 286)
Insight on Business: Tiger Teams: Hiring Hackers to Locate Threats

Tiger team: Group whose sole job activity is attempting to break into a site
Originated in the 1970s with the U.S. Air Force; by the 1980s-1990s, had spread to the corporate arena
Most use just "white hats" and refuse to hire known grey or black hats
The Role of Laws and Public Policy

New laws have granted local and national authorities new tools and mechanisms for identifying, tracing and prosecuting cybercriminals
National Infrastructure Protection Center: unit within the FBI whose mission is to identify and combat threats against U.S. technology and telecommunications infrastructure
USA Patriot Act
Homeland Security Act
Government policies and controls on encryption software
E-commerce Security Legislation (Table 5.3, Page 290)
Government Efforts to Regulate and Control Encryption (Table 5.4, Page 292)
OECD Guidelines 2002

The Organization for Economic Cooperation and Development (OECD) Guidelines for the Security of Information Systems and Networks has nine principles: Awareness; Responsibility; Response; Ethics; Democracy; Risk assessment; Security design and implementation; Security management; Reassessment
VeriSign: The Web's Security Blanket (Page 294)
Case Study: VeriSign: The Web's Security Blanket

University of Pittsburgh's e-Store is an example of the Internet trust (security) services offered by VeriSign
VeriSign has grown early expertise in public key encryption into related Internet security infrastructure businesses
Dominates the Web site encryption services market with over 75% market share
Provides secure payment services
Provides businesses and government agencies with managed security services
Provides domain name registration, and manages the .com and .net domains